Brocade Communications Systems Brocade 8/12c Command Reference Manual page 204

22
cryptoCfg
--set -systemcard> enable | disable
--set -replication enable | disable
--add -membernode
--eject -membernode
--leave_encryption_group
--genmasterkey
170
Enables or disables the system card usage policy. When the policy is enabled, a
system card is required to be inserted in an encryption engine to enable
encryption after a power-cycle event. When quorum authentication is enabled
(Quorum Size is > 0), this operation requires authentication of a quorum of
authentication cards. The policy is disabled by default. This command must be
executed on the group leader.
Enables or disables replication-specific features. You must enable replication
before you can use replication-specific features such as the -newLUN,
-include_mirror, or the --refreshDEK command. Replication is disabled by
default; it must be enabled on the group leader. This command is supported only
for the RKM key vault.
Adds the specified member node to the existing encryption group. The member
node is specified by its node WWN. This command is valid only on the group
leader. Initial setup on the node must be performed prior to adding the node to an
encryption group.
This command is required only when a node that was earlier part of encryption
group (online and DISCOVERED) was ejected or left the encryption group and is
now added back to that encryption group. A member node that is online during
registration is added automatically to the encryption group. The following operand
is required:
node_WWN
Specifies the WWN of the node to be added back to the encryption group.
Removes a member node from the existing encryption group. The node is
specified by its node WWN. This command is valid only on the group leader. The
node must be online (in DISCOVERED state) for this command to succeed. To
remove a node that is not online (in DISCOVERING State), use the --dereg
-membernode command. You must remove the EEs from the HA cluster and
delete any Crypto Target container/LUN configurations from this node before
ejecting the node or the command fails. The following operand is required when
ejecting a member node:
node_WWN
Specifies the node WWN of the node to be removed from the encryption group.
Clears the node's states pertaining to the node's membership in the encryption
group. This command is invoked from the member node that is to be ejected from
the encryption group.
If there are CryptoTarget container/LUN configurations on the node and the
encryption engines of this node are part of any HA Cluster configuration, this
command prompts you to either continue leaving the encryption group while
retaining the configuration, or to abort the leave operation. It is recommended that
you remove the EEs from the HA cluster and delete any CryptoTarget container
and Crypto LUN configurations from this node prior to initiating a leave operation.
Generates a master key. A master key is needed when an opaque key vault such
as RKM is used. The master key must be exported (backed up) before it may be
used. This command is valid only on the group leader. Only one master key per
key vault is needed for the entire encryption group. When a master key is
generated and a master key exists, the current master key becomes the alternate
master Key and the newly generated master key becomes the current master key.
Fabric OS Command Reference
53-1001764-01