SANtricity 11.8 Commands ( CA08871-194 ~ 196 )

Import storage Array security key

The import storageArray securityKey file command unlocks one or more full disk encryption (FDE) drives that you have moved from one storage system to another storage system.

Supported Series

If external key management is enabled, then this command applies only to the HB2100/HB2200/HB2300, HB5100/HB5200, AB6100, or AB3100 series. If internal key management is enabled, then the command applies to any individual storage system, as long as all SMcli packages are installed.

Roles

To execute this command on an HB2100/HB2200/HB2300, HB5100/HB5200, AB6100, or AB3100 storage system, you must have the Security Admin role.

Context

Only the drives with the matching security key are unlocked. After they are unlocked, the security key for the new storage system is applied.

This command applies to both internal and external key management.

Syntax

import storageArray securityKey file="fileName"
passPhrase="passPhraseString"
[forceOverwrite=(TRUE|FALSE)]

Parameters

Parameter Description

file

The file path and the file name that has the original security key of the imported FDE drives. For example:

file="C:\Program Files\CLI\sup\drivesecurity.slk"

The file name must have an extension of .slk.

passPhrase

The character string that provides authentication for the security key.

forceOverwrite

If this parameter is set to TRUE, the import will force overwriting the FDE key when the import would normally not be allowed, such as when one controller is absent or failed. By default, the force overwrite parameter is set to FALSE.

Notes

The controller firmware creates a lock that restricts access to the FDE drives. FDE drives have a state called Security Capable. When you create a security key, the state is set to Security Enabled, which restricts access to all FDE drives that exist within the storage system.

Your pass phrase must meet these criteria:

  • Must be between eight and 32 characters long.

  • Must contain at least one uppercase letter.

  • Must contain at least one lowercase letter.

  • Must contain at least one number.

  • Must contain at least one non-alphanumeric character, for example < > @ +.

If your pass phrase does not meet these criteria, you will receive an error message and will be asked to retry the command.

Minimum firmware level

11.70.1 added the forceOverwrite parameter.

Top of Page