Set Up Federated Security Wizard: Configure EFS

Use this page to create and configure an encrypted file system (EFS) for PowerHA® SystemMirror. This task is optional for configuring federated security.

PowerHA SystemMirror uses an EFS keystore to maintain the details of users and groups in a cluster. This keystore file is stored either on a shared file system or in a Lightweight Directory Access Protocol (LDAP) directory. You must create the EFS keystore before you create or add an EFS to the cluster.

Configuring EFS adds a layer of security by encrypting all user information in the registry. You can configure EFS to encrypt user information for either type of registry. Using EFS also enables users to encrypt their data through the use of credentials in a keystore specific to a user.

Fields

If you choose to set up EFS, provide the following configuration information:
EFS keystore mode
Select the location for storing EFS keystore information.
LDAP
If you selected LDAP as the registry type for authentication, this option is the default value and you cannot change it.
Shared file system
If you selected local as the registry type for authentication, this option is the default option and you cannot change it.
EFS admin password
Specify the EFS administrator password to access the database that stores security information for the cluster. The password must consist of only alphanumeric characters.
Volume group for EFS keystore
Select a volume group from the list of available concurrent volume groups in the cluster. Select the volume group that is the location of the shared file system that contains the EFS keystore.

You can select this option for the keystore only when you select the Shared file system value for the EFS keystore mode property.

Service IP label or IP address
Select a service IP label or IP address to which to export the EFS keystore as the Network File System (NFS) mount for the cluster.

You can select this option for the keystore only when you select the Shared file system value for the EFS keystore mode property.

For more information about changing an EFS keystore, see the Changing an encrypted file system (EFS) configuration topic in the AIX® Information Center.