ONTAP 9.15.1 commands

security key-manager external add-servers

Add external key management servers

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command adds the key management servers of the given hosts and ports to the given Vserver’s external key manager’s list of four possible key management servers. When adding key management servers to the external key manager associated with the admin Vserver, you must run the same command specifying the same set of key servers on the peer cluster. When adding key management servers to a data Vserver, you can run the security key-manager external add-servers command on the active cluster only, as the command is replicated to the peer cluster. However, you need to ensure that the key management servers specified are reachable from both clusters. This command is not supported if external key management is not enabled for the Vserver. Use this command to add primary key servers. To modify the list of secondary key servers associated with a primary key server, use the security key-manager external modify-server command.

Parameters

-vserver <vserver name> - Vserver Name

Use this parameter to specify the Vserver on which to add the key management servers.

-key-servers <Hostname and Port>,…​ - External Key Management Servers

Use this parameter to specify the list of additional key management servers that the external key manager uses to store keys.

Examples

The following example adds two key management servers to the list of servers used by the external key manager for Vserver cluster-1. The first key management server’s hostname is keyserver1.local and is listening on the default port 5696, and the second key management server’s IP is 10.0.0.20 and is listening on port 15696:

cluster-1::> security key-manager external add-servers -vserver cluster-1 -key-servers keyserver1.local, 10.0.0.20:15696
Top of Page