Brocade Communications Systems 1606 Command Reference Manual page 167

Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01, July 2009)

vault_IP_addr
Specifies the IP address of the NetApp LKM appliance. This operand is
required.

--dhresponse
Accepts the LKM Diffie-Hellman response from the specified NetApp LKM
appliance and generates the link key on the node on which this command is
issued. The DH response occurs by an automatic trusted link establishment
method. The LKM appliance must be specified by its vault_IP_addr. The DH
challenge request must be approved on the NetApp LKM appliance for this
command to succeed. When quorum authentication is enabled (Quorum Size
is > 0), this operation requires authentication of a quorum of authentication
cards.
vault_IP_addr
Specifies the IP address of the NetApp LKM appliance. This operand is
required.

--zeroizeEE
Zeroizes all critical security parameters on the local encryption switch or
blade, including all data encryption keys. This command is valid on all nodes.
This command prompts for confirmation and should be used with caution.
slot_number
Specifies the slot number of the encryption engine to be zeroized on a bladed
system.

--delete -file
Deletes an imported file. The file must be specified by its local name. This
command is valid on all nodes.
local_name
Specifies the file to be deleted from the local directory where certificates are
stored.

--reg -KAClogin
Registers the node KAC login credentials (username and password) with the
configured key vaults. This command is valid only for the Thales nCipher
(NCKA) and HPSKM key vaults. This command must be run on each member
node.
primary|secondary
Specifies the key vault as primary or secondary.
For the NCKA, run this command on both a primary and a secondary key
vault. The system generates a username based on the switch WWN. The
username and group under which the username should be created on the
key vault are displayed when the command is executed. Configure the
password on the switch and create the same username on the key vault.
For the SKM, run this command only for the primary key vault. The login
credential must match a valid username/password pair configured on the key
vault. The same username/password must be configured on all the nodes of
any given encryption group to prevent connectivity issues between the SKM
and the switch. However, the switch does not enforce that the same username
is configured on all nodes. Different encryption groups can use different
usernames as long as all nodes in the group have the same username.
Changing the username using -KAClogin renders the previously created keys
inaccessible. When changing the username, you must do the same on the key
vault, and you must change the key owner for all keys of all LUNs through
the SKM GUI. For downgrade considerations, refer to the Fabric OS Encryption
Administrator's Guide.
cryptoCfg
