ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security key-manager external modify-server

    Modify key server properties

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command modifies configuration information for configured key management servers. When modifying a key management server from the external key manager associated with the admin Vserver, you must run the same command specifying the same set of parameters on the peer cluster. When modifying a key management server from a data Vserver, you can run the security key-manager external modify-server command on the active cluster only as the command is replicated on the peer cluster. However, if the password associated with a key management server is modified, then you must run the security key-manager external modify-server command specifying the same password on the peer cluster as the password is not replicated between clusters. This command is supported only when external key manager has been enabled for the given Vserver.

    Parameters

    -vserver <vserver name> - Vserver Name

    Use this parameter to specify the Vserver on which to modify the key management server configuraiton.

    -key-server <Hostname and Port> - External Key Server

    Use this parameter to specify the primary key management server for which the command modifies the configuration.

    [-secondary-key-servers <Remote InetAddress>,…​] - Secondary Key Servers

    Use this parameter to specify the secondary key management servers that will be members of the set of clustered key servers. When specifying a secondary key server, a port number cannot be associated with the secondary key server.

    [-timeout <integer>] - Key Server I/O Timeout

    Use this parameter to specify the I/O timeout, in seconds, for the selected key management server.

    [-username <text>] - Authentication User Name

    Use this parameter to specify the username with which Data ONTAP authenticates with the key management server.

    Examples

    The following example modifies the I/O timeout to 45 seconds for Vserver cluster-1, key server keyserver1.local:

    cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -timeout 45

    The following example modifies the username and passphrase used to authenticate with key server keyserver1.local:

    cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -username ksuser
    Enter the password:
    Reenter the password:

    The following example modifies the secondary key management servers secondarykeyserver1.local and secondarykeyserver2.local to be in a cluster configuration with the primary key management server keyserver1.local

    cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -secondary-key-servers secondarykeyserver1.local,secondarykeyserver2.local
    Top of Page