Release notes
Remove an external key manager connection in ONTAP
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
You can disconnect a KMIP server from a node when you no longer need the server. For example, you might disconnect a KMIP server when you are transitioning to volume encryption.
When you disconnect a KMIP server from one node in an HA pair, the system automatically disconnects the server from all cluster nodes.
|
If you plan to continue using external key management after disconnecting a KMIP server, make sure another KMIP server is available to serve authentication keys. |
You must be a cluster or SVM administrator to perform this task.
-
Disconnect a KMIP server from the current node:
For this ONTAP version…
Use this command…
ONTAP 9.6 and later
security key-manager external remove-servers -vserver SVM -key-servers host_name|IP_address:port,…ONTAP 9.5 and earlier
security key-manager delete -address key_management_server_ipaddressIn a MetroCluster environment, you must repeat these commands on both clusters for the admin SVM.
Learn more about
security key-manager external remove-serversandsecurity key-manager deletein the ONTAP command reference.The following ONTAP 9.6 command disables the connections to two external key management servers for
cluster1, the first namedks1, listening on the default port 5696, the second with the IP address 10.0.0.20, listening on port 24482:clusterl::> security key-manager external remove-servers -vserver cluster-1 -key-servers ks1,10.0.0.20:24482
