Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsStorageHP SN8000B 4-slot SAN Director Switch

131

132

133

134

135

136

137

138

139

140

112 Fabric OS Encryption Administrator’s Guide

53-1002159-03

Overview

This chapter explains how to use the command line interface (CLI) to configure a Brocade

Encryption Switch, or an FS8-18 Encryption blade in a DCX or DCX-4S to perform data encryption.

This chapter assumes that the basic setup and configuration of the Brocade Encryption Switch

(BES), DCX, or DCX-4S has been done as part of the initial hardware installation, including setting

the management port IP address.

For command syntax and description of parameters, refer to the Fabric OS Command Reference

Manual.

Command validation checks

Before a command is executed, it is validated against the following checks.

1. Active or Standby availability: on enterprise-class platforms, checks that the command is

available on the Control Processor (CP).

2. Role Based Access Control (RBAC) availability: checks that the invoking user’s role is permitted

to invoke the command. If the command modifies system state, the user's role must have

modify permission for the command. If the command only displays system state, the user's role

must have observe permission for the command. Some commands both observe and modify

system state and thus require observe-modify permission. The following RBAC permissions are

supported:

• O = observe

• OM = observe-modify

• N = none/not available

3. Admin Domain availability: checks that the command is allowed in the currently selected

Admin Domain. For information on Admin Domain concepts and restrictions, refer to the Fabric

OS Administrator’s Guide.

Admin Domain Types are one or more of the following. If more than one AD type is listed for a

command, the AD type is option-specific. Display options may be allowed, but set options may

be subject to Admin Domain restrictions.

4. PortMember: allows all control operations only if the port or the local switch is part of the

current AD. View access is allowed if the device attached to the port is part of the current AD.

SwitchMember

Allowed to execute only if the local switch is part of the current AD.

Allowed

Allowed to execute in all ADs.

PhysFabricOnly

Allowed to execute only in AD255 context (and the user should own

access to AD0-AD255 and have admin RBAC privilege).

Disallowed

Allowed to execute in AD0 or AD255 context only; not allowed in

AD1-AD254 context.

AD0Disallowed

Allowed to execute only in AD255 and AD0 (if no ADs are configured).

AD0Only

Allowed to execute only in AD0 when ADs are not configured.

Command-specific

Checks whether the command is supported on the platform for which

it is targeted.