Switching AEK management from local keystore to ISKLM

Once you export the local key to ISKLM successfully, you must switch the key management from local keystore to ISKLM.

Procedure

  1. Log in as apadmin or equivalent to any of the control nodes.
  2. Run the apsedsklm switch --remote command.

    This command switches AEK key management from local keystore to the ISKLM server that is configured in the system. It also removes the local keystore. For uninterrupted operation of Cloud Pak for Data System, ensure that the ISKLM server is always reachable from the system. 

    Example usage:
    [apadmin@e1n1]# apsedsklm switch --remote
    SKLM Connection Successful..
    Switching appliance from local to SKLM.
    Exporting Key to SKLM..
    { "keyuuid" : "KEY-9cc5b9a-24484c92-ebd8-45fc-a25c-88afe27ceb70" }
    Export Key Successful..
    Copying keystate file to all nodes..
    Deleting Local Keystore on all nodes..
    Successfully switched to SKLM...
    Please find log at /var/log/appliance/platform/sedsupport/apsedsklm.log