Brocade Fabric OS Command Reference - Supporting Fabric OS v7.0.1 (53-1002447-01, March 2012)

Virtual Fabric commands are further constrained by one of the following switch types:
- All Switches (All) = Command can be run in any switch context.
- Base Switch (BS) = Command can be run only on the base switch.
- Default Switch (DS) = Command can be run only on the default switch.
- N/A = Switch type is not applicable to the command.
- Chassis context (CH) = Command applies to the chassis on which it is executed.
- Switch and Chassis context (VF/CH) = Command applies to the switch and the chassis.
- Disallowed = Command cannot be executed when Virtual Fabrics are enabled.
5. Command-specific: Checks whether the command is supported on the platform for which it is
targeted.
Encryption commands and permissions
There are two system RBAC roles that are permitted to perform encryption operations.
Admin and SecurityAdmin
Users authenticated with the Admin and SecurityAdmin RBAC roles may perform cryptographic
functions assigned to the FIPS Crypto Officer, including the following:
- Perform encryption node initialization.
- Enable cryptographic operations.
- Manage critical security parameters (CSPs) input and output functions.
- Zeroize encryption CSPs.
- Register and configure a key vault.
- Configure a recovery share policy.
- Create and register recovery share.
- Encryption group- and clustering-related operations.
- Manage keys, including creation, recovery, and archiving functions.
Admin and FabricAdmin
Users authenticated with the Admin and FabricAdmin RBAC roles may perform routine encryption
switch management functions including the following:
- Configure virtual devices and crypto LUN.
- Configure LUN/tape associations.
- Perform re-keying operations.
- Perform firmware download.
- Perform regular Fabric OS management functions.
Refer to Table 7 for the RBAC permissions of the encryption configuration commands. The commands
listed in this table are subcommands to the cryptoCfg command.
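TABLE 7 Encryption command RBAC availability and Admin Domain type

| Command name | User | Admin | Oper | SW Admin | Zone Admin | Fabric Admin | BS Admin | Sec Admin | Admin Domain | Context | Switch type |
|---|---|---|---|---|---|---|---|---|---|---|---|
| addgroupmember | N | OM | N | N | N | O | N | OM | Disallowed | VF | DS |
| addhaclustermember | N | OM | N | N | N | OM | N | O | Disallowed | VF | DS |
| addinitiator | N | OM | N | N | N | OM | N | O | Disallowed | VF | DS |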