Switching AEK management from ISKLM to a local keystore

Once you added the remote key into the local keystore on Cloud Pak for Data System, you can switch the key management from remote ISKLM to this local keystore.

Procedure

  1. Log in as apadmin or equivalent into any of the control nodes.
  2. Run the command:
    apsedsklm switch --local 

    On success, this command switches AEK key management from ISKLM server to the local keystore which is created on all the control nodes of Cloud Pak for Data System. At this point, your system does not connect to ISKLM anymore when unlocking the SED drives.

    Example usage:
    [apadmin@e1n1]# apsedsklm switch --local
    Switching appliance from SKLM to local.
    Copying keystate file to all nodes..
    Successfully switched from SKLM to local...
    Please find log at /var/log/appliance/platform/sedsupport/apsedsklm.log