SANtricity 11.8 Commands ( CA08871-194 ~ 196 )

Export storage Array security key

The export storageArray securityKey command saves a drive security key to a file.

Supported Series

If external key management is enabled, then this command applies only to the HB2100/HB2200/HB2300, HB5100/HB5200, AB6100, and AB3100 series. If internal key management is enabled, then the command applies to any individual storage system, as long as all SMcli packages are installed.

Roles

To execute this command on an HB2100/HB2200/HB2300, HB5100/HB5200, AB6100, or AB3100 storage system, you must have the Security Admin role.

Context

When the key file is exported from one storage system, that key can be imported into another storage system. This enables you to move security-capable drives between storage systems.

This command applies to both internal and external key management.

Syntax

export storageArray securityKey
passPhrase="passPhraseString"
file="fileName"

Parameters

Parameter Description

passPhrase

A character string that encrypts the security key so that you can store the security key in an external file. Enclose the pass phrase in double quotation marks (" ").

file

The file path and the file name to which you want to save the security key. For example:

file="C:\Program Files\CLI\sup\drivesecurity.slk"

The file name must have an extension of .slk.

Notes

The storage system to which you will be moving drives must have drives with a capacity that is equal to or greater than the drives that you are importing.

The controller firmware creates a lock that restricts access to the full disk encryption (FDE) drives. FDE drives have a state called Security Capable. When you create a security key, the state is set to Security Enabled, which restricts access to all FDE drives that exist within the storage system.

Your pass phrase must meet these criteria:

  • Must be between eight and 32 characters long.

  • Must contain no whitespace.

  • Must contain at least one uppercase letter.

  • Must contain at least one lowercase letter.

  • Must contain at least one number.

  • Must contain at least one non-alphanumeric character, for example, < > @ +.

If your pass phrase does not meet these criteria, you will receive an error message and will be asked to retry the command.

Top of Page