Use this task to create, view, or remove Encrypted File
System (EFS) properties for the cluster.
PowerHA® SystemMirror uses an EFS
keystore to maintain the details of users and groups in a cluster.
This keystore file is stored either on a shared file system or in
a Lightweight Directory Access Protocol (LDAP) server. You must create the
EFS keystore before you create or add an EFS to the cluster.
Configuring EFS adds a layer of security
by encrypting all user information in the registry. You can configure
EFS to encrypt user information for either type of registry. Using
EFS also enables users to encrypt their data through the use of credentials
in a keystore specific to a user.
To manage EFS for the cluster, select EFS management from the View list at the top of the page.
You can view any current EFS configuration properties for the cluster
from this page. If EFS is not configured, click Setup EFS to configure EFS for the cluster.
Click Remove EFS to delete any existing EFS configuration information
for the cluster.
Note: Removing the
EFS configuration deletes the EFS keystore information from the cluster.
However, the EFS keystore definition remains in the LDAP server and
in the /var/efs directory on each node. All file
systems for the cluster that have encryption enabled are dependent
on the EFS keystore. You must remove all dependent file systems from
the cluster before you remove the EFS configuration and keystore.
Fields
- EFS keystore mode
  Select the location for storing EFS keystore information.
  - LDAP
    If an LDAP server and client connection are defined for the cluster,
    the value for this property is set to LDAP.
  - Shared file system
    If an LDAP connection is not defined, the value for this property
    is set to shared file system.
- EFS admin password
  Specify the EFS administrator password to access the database
  that stores security information for the cluster. The password must
  consist of only alphanumeric characters.
- Volume group for EFS keystore
  Select a volume group from the list of available concurrent volume
  groups in the cluster. Select the volume group that is the location
  of the shared file system that contains the EFS keystore.
  You can select this option for the keystore only when you select the
  Shared file system value for the EFS keystore mode property.
- Service IP label or IP address
  Select a service IP label or IP address to which to export the
  EFS keystore as the Network File System (NFS) mount for the cluster.
  You can select this option for the keystore only when you select the
  Shared file system value for the EFS keystore mode property.
For more information about
changing an EFS keystore, see the Changing an encrypted file system (EFS) configuration topic
in the AIX® Information Center.