![NetApp FAS9500 Скачать руководство пользователя страница 9](http://html1.mh-extra.com/html/netapp/fas9500/fas9500_manual_1669952009.webp)
key-manager key-query -key-type NSE-AK
After the ONTAP 9.6 release, you may have additional key manager types. The types are
KMIP
,
AKV
, and
GCP
. The process for confirming these types is the same as confirming
external
or
onboard
key manager types.
• If the
Key Manager
type displays
external
and the
Restored
column displays
yes
, it’s safe to shut
down the impaired controller.
• If the
Key Manager
type displays
onboard
and the
Restored
column displays
yes
, you need to
complete some additional steps.
• If the
Key Manager
type displays
external
and the
Restored
column displays anything other than
yes
, you need to complete some additional steps.
• If the
Key Manager
type displays
external
and the
Restored
column displays anything other than
yes
, you need to complete some additional steps.
1. If the
Key Manager
type displays
onboard
and the
Restored
column displays
yes
, manually back
up the OKM information:
a. Go to advanced privilege mode and enter
y
when prompted to continue:
set -priv advanced
b. Enter the command to display the key management information:
security key-manager
onboard show-backup
c. Copy the contents of the backup information to a separate file or your log file. You’ll need it in
disaster scenarios where you might need to manually recover OKM.
d. Return to admin mode:
set -priv admin
e. You can safely shut down the controller.
2. If the
Key Manager
type displays
external
and the
Restored
column displays anything other than
yes
:
a. Enter the onboard security key-manager sync command:
security key-manager external
sync
If the command fails, contact NetApp Support.
b. Verify that the
Restored
column equals
yes
for all authentication keys:
security key-
manager key-query
c. You can safely shut down the controller.
3. If the
Key Manager
type displays
onboard
and the
Restored
column displays anything other than
yes
:
a. Enter the onboard security key-manager sync command:
security key-manager onboard
sync
Enter the customer’s onboard key management passphrase at the prompt. If the passphrase
cannot be provided, contact NetApp Support.
7