IIAS 1.0.15.0 and later apesklm command
Starting from IIAS version 1.0.15.0, you can use the following apesklm command to enable encryption for supplied storage type or device, add, display and delete SKLM information, and export storage devices certificate.
Syntax
apesklm [-h]
{status,enable,add-sklm,info-sklm,del-sklm,export-cert}Optional parameters
- -h|--help
- Displays help for the command.
Subcommands
- status [-h] [-s {fsn,dsn}] [-d <device>]
- Encryption key server status of appliance storage.
Parameters:
- -s|--storage {fsn,dsn}
- Type of the storage which status of the encryption key server should be displayed.
- -d|--device <device>
- Storage device host name which status of the encryption key server should be displayed only.
- enable [-h] [-s {fsn,dsn}] [-d <device>] [-t {primary,clone}] [-n <connection_name>] [-c <sklm_cert>] [-g <device_group>] [-a {yes,no}]
- Enables encryption for supplied storage type or device. Important: Before running apesklm enable command, you must follow the steps provided in Enabling storage hardware encryption with apesklm in IIAS 1.0.15.0 and later.
Optional parameters:
- -s|--storage {fsn,dsn}
- Storage type to enable encryption.
- -d|--device <device>
- Storage device host name to enable encryption for the given device only.
- -t|--sklmtype {primary,clone}
- SKLM type. primary and clone are only possible arguments.
- -n|--nameforconnection <connection_name>
- SKLM connection name.
- -c|--sklmcert <sklm_cert>
- Path to the SKLM server certificate.
- -g|--devicegroup <device_groupname>
- Storage device group.
- -a|--alldevices {yes,no}
- If yes, the command enables encryption for all devices. When -a yes is given, -s and -d options should not be supplied. If -a no, encryption is enabled for specific device provided with -d option and storage type option -s.
- add-sklm [-h] -i <sklm_ip> -p <sklm_port> -t {primary,clone}
- Adds SKLM information.
Parameters required:
- -i|--sklmip <sklm_ip>
- SKLM host IP.
- -p|--sklmport <sklm_port>
- SKLM host port.
- -t|--sklmtype {primary,clone}
- SKLM type. Must be set to primary or clone.
- info-sklm [-h]
- Displays information about SKLM.
- del-sklm [-h]
- Deletes SKLM information.
- export-cert [-h] [-s {fsn,dsn}] [-d <device>] [-l <loc>]
- Exports storage device certificates to the platform node.
Optional parameters:
- -s|--storage {fsn,dsn}
- Storage device type.
- -d|--device <device>
- Storage device host name to export certificates from this device.
- -l|--loc <loc>
- Export location on the platform node.