Overview, Command validation checks – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual

126

Fabric OS Encryption Administrator’s Guide (DPM)

53-1002922-01

Overview

3

Overview

This chapter explains how to use the command line interface (CLI) to configure a Brocade
Encryption Switch, or an FS8-18 Encryption blade in a DCX Backbone chassis to perform data
encryption.

This chapter assumes that the basic setup and configuration of the Brocade Encryption Switch,
and DCX Backbone chassis have been done as part of the initial hardware installation, including
setting the management port IP address.

For command syntax and description of parameters, refer to the Fabric OS Command Reference
Manual.

Command validation checks

Before a command is executed, it is validated against the following checks.

1. Active or Standby availability: on enterprise-class platforms, checks that the command is

available on the Control Processor (CP).

2. Role Based Access Control (RBAC) availability: checks that the invoking user’s role is permitted

to invoke the command. If the command modifies system state, the user's role must have
modify permission for the command. If the command only displays system state, the user's role
must have observe permission for the command. Some commands both observe and modify
system state and thus require observe-modify permission. The following RBAC permissions are
supported:

•

O = observe

•

OM = observe-modify

•

N = none/not available

3. Admin Domain availability: checks that the command is allowed in the currently selected

Admin Domain. For information on Admin Domain concepts and restrictions, refer to the g126

Admin Domain Types are one or more of the following. If more than one AD type is listed for a
command, the AD type is option-specific. Display options may be allowed, but set options may
be subject to Admin Domain restrictions.

SwitchMember

Allowed to execute only if the local switch is part of the current AD.

Allowed

Allowed to execute in all ADs.

PhysFabricOnly

Allowed to execute only in AD255 context (and the user should own
access to AD0-AD255 and have admin RBAC privilege).

Disallowed

Allowed to execute in AD0 or AD255 context only; not allowed in
AD1-AD254 context.

AD0Disallowed

Allowed to execute only in AD255 and AD0 (if no ADs are configured).

AD0Only

Allowed to execute only in AD0 when ADs are not configured.

Command-specific

Checks whether the command is supported on the platform for which
it is targeted.