In System Manager, click Hosts > NVMe Subsystem and then click Add.

Add the NVMe subsystem name, and select the storage VM and host operating system.

Enter the Host NQN.

Select Require Transport Layer Security (TLS) next to the Host NQN.

Provide the pre-shared key (PSK).

Click Save.

To verify that TLS secure channel is enabled, select System Manager > Hosts > NVMe Subsystem > Grid > Peek view.

Add an NVMe subsystem host that supports TLS secure channel. You can provide a pre-shared key (PSK) using the tls-configured-psk argument, or use a generated PSK using the tls-generated-psk argument:

vserver nvme subsystem host add -vserver <svm_name> -subsystem <subsystem> -host-nqn <host_nqn> {-tls-configured-psk <key_text> | -tls-generated-psk true}

Verify that the NVMe subsystem host is configured for TLS secure channel. You can optionally use the tls-key-type argument to only display hosts that are using that key type:

vserver nvme subsystem host show -vserver <svm_name> -subsystem <subsystem> -host-nqn <host_nqn> -tls-key-type {none|configured|generated}

Verify that the NVMe subsystem host controller is configured for TLS secure channel. You can optionally use any of the tls-key-type, tls-identity, or tls-cipher arguments to only display the controllers that have those TLS attributes:

vserver nvme subsystem controller show -vserver <svm_name> -subsystem <subsystem> -host-nqn <host_nqn> -tls-key-type {none|configured|generated} -tls-identity <text> -tls-cipher {none|TLS_AES_128_GCM_SHA256|TLS_AES_256_GCM_SHA384}