ONTAP 9.14.1 commands

security key-manager external modify-server

Modify key server properties

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command modifies configuration information for configured key management servers. When modifying a key management server from the external key manager associated with the admin Vserver, you must run the same command specifying the same set of parameters on the peer cluster. When modifying a key management server from a data Vserver, you can run the security key-manager external modify-server command on the active cluster only as the command is replicated on the peer cluster. However, if the password associated with a key management server is modified, then you must run the security key-manager external modify-server command specifying the same password on the peer cluster as the password is not replicated between clusters. This command is supported only when external key manager has been enabled for the given Vserver.

Parameters

-vserver <vserver name> - Vserver Name

Use this parameter to specify the Vserver on which to modify the key management server configuraiton.

-key-server <Hostname and Port> - External Key Server

Use this parameter to specify the primary key management server for which the command modifies the configuration.

[-secondary-key-servers <Remote InetAddress>,…​] - Secondary Key Servers

Use this parameter to specify the secondary key management servers that will be members of the set of clustered key servers. When specifying a secondary key server, a port number cannot be associated with the secondary key server.

[-timeout <integer>] - Key Server I/O Timeout

Use this parameter to specify the I/O timeout, in seconds, for the selected key management server.

[-username <text>] - Authentication User Name

Use this parameter to specify the username with which Data ONTAP authenticates with the key management server.

[-create-remove-timeout <integer>] - Key Server Timeout for Create and Remove

Use this parameter to specify a shorter I/O timeout, in seconds, to be used for create and delete operations for the selected key management server.

Examples

The following example modifies the I/O timeout to 45 seconds for Vserver cluster-1, key server keyserver1.local:

cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -timeout 45

The following example modifies the username and passphrase used to authenticate with key server keyserver1.local:

cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -username ksuser
Enter the password:
Reenter the password:

The following example modifies the secondary key management servers secondarykeyserver1.local and secondarykeyserver2.local to be in a cluster configuration with the primary key management server keyserver1.local

cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -secondary-key-servers secondarykeyserver1.local,secondarykeyserver2.local
Top of Page