Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

53-1001764-02

cryptoCfg

--reg -KACcert

Registers the signed node certificate. After being exported and signed by the
external signing authority, the signed node certificate must be imported back
into the node and registered for a successful two-way certificate exchange
with the key vault. This command is valid only on the group leader.

Registration functions need to be invoked on all the nodes in a DEK cluster
for their respective signed node certificates. The following operands are
required:

signed_certfile Specifies the name of the signed node certificate to be reimported.

primary | secondary

Specifies the signing key vault as primary or secondary. This operand is valid
only with the NCKA key vault, which requires the CSR to be signed by the
primary or secondary vault. If both primary and secondary vaults are
configured, this command must be run once for the primary and once for the
secondary key vault from every node.

--set -keyvault

Sets the key vault type. This command is valid only on the group leader.

value

Specifies the key vault type. The default is set to no value. This operand is
required. Valid values for -keyvault are:

LKM Specifies the NetApp LKM appliance (trusted key vault).

RKM Specifies the RSA Key Manager (RKM) (opaque key repository).

SKM Specifies the HP Secure Key Manager (SKM) (opaque key repository).

TEMS Specifies the Thales nCipher key management appliance (opaque key
repository, a.k.a. NCKA).

--set -failbackmode

Sets the failback mode parameter. This parameter is set on the group leader.
Valid values for failback mode are:

auto

Enables automatic failback. In this mode, failback occurs automatically
within an HA cluster when an encryption switch or blade that failed earlier
has been restored or replaced. Automatic failback mode is enabled by
default.

manual

Enables manual failback. In this mode, failback must be initiated manually
after an encryption switch or blade that failed earlier has been restored or
replaced.

--set -hbmisses

Sets the number of heartbeat misses allowed in a node that is part of an
encryption group before the node is declared unreachable. This value is set in
conjunction with the time-out value. It must be configured at the group leader
node and is distributed to all member nodes in the encryption group. The
following operand is required:

value

Specifies the number of heartbeat misses. The default value is 3. The range
is 1-15 in integer increments only.

--set -hbtimeout

Sets the time-out value for the heartbeat. This parameter must be configured
at the group leader node and is distributed to all member nodes in the
encryption group. The following operand is required:

value

Specifies the heartbeat time-out in seconds. The default value is 2 seconds.
Valid values are integers in the range between 1 and 30 seconds.
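
As an added example (not part of the Fabric OS reference), the following shell function checks a proposed --set operand against the values and ranges documented above before the change is applied on the group leader. The function names are hypothetical; the lowercase cryptocfg spelling and the exact-case matching of the key vault names are assumptions.

```shell
#!/bin/sh
# Added example: pre-change lint for cryptocfg --set operands.
# Allowed values and ranges are copied from the reference text above.

# in_range VALUE MIN MAX: succeed only for a plain decimal integer in [MIN, MAX].
# The documented ranges never exceed two digits, so longer input is rejected.
in_range() {
    case "$1" in
        ''|*[!0-9]*|0*|???*) return 1 ;;   # empty, signed, fractional, zero-led, too long
    esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# cryptocfg_set_line PARAM VALUE
# Prints the command line to run on the group leader, or returns 1 with a
# reason on stderr when the operand is outside the documented values.
cryptocfg_set_line() {
    param=$1 value=$2
    case "$param" in
        -keyvault)
            case "$value" in
                LKM|RKM|SKM|TEMS) ;;   # exact-case match is an assumption
                *) echo "keyvault: expected LKM, RKM, SKM or TEMS" >&2; return 1 ;;
            esac ;;
        -failbackmode)
            case "$value" in
                auto|manual) ;;
                *) echo "failbackmode: expected auto or manual" >&2; return 1 ;;
            esac ;;
        -hbmisses)
            in_range "$value" 1 15 ||
                { echo "hbmisses: integer 1-15 required" >&2; return 1; } ;;
        -hbtimeout)
            in_range "$value" 1 30 ||
                { echo "hbtimeout: integer 1-30 seconds required" >&2; return 1; } ;;
        *)
            echo "unknown parameter: $param" >&2; return 1 ;;
    esac
    echo "cryptocfg --set $param $value"
}
```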
