
Managing Encrypted File System (EFS) properties

Use this task to create, view, or remove Encrypted File System (EFS) properties for the cluster.

PowerHA® SystemMirror uses an EFS keystore to maintain the details of users and groups in a cluster. This keystore file is stored either on a shared file system or in a Lightweight Directory Access Protocol (LDAP) server. You must create the EFS keystore before you create or add an EFS to the cluster.

Configuring EFS adds a layer of security by encrypting all user information in the registry. You can configure EFS to encrypt user information for either type of registry. Using EFS also enables users to encrypt their data through the use of credentials in a keystore specific to a user.

To manage EFS for the cluster, select EFS management from the View list at the top of the page.

You can view any current EFS configuration properties for the cluster from this page. If EFS is not configured, click Setup EFS to configure EFS for the cluster.

Click Remove EFS to delete any existing EFS configuration information for the cluster.
Note: Removing the EFS configuration deletes the EFS keystore information from the cluster. However, the EFS keystore definition remains in the LDAP server and in the /var/efs directory on each node. All file systems for the cluster that have encryption enabled are dependent on the EFS keystore. You must remove all dependent file systems from the cluster before you remove the EFS configuration and keystore.

Fields

EFS keystore mode
Select the location for storing EFS keystore information.
LDAP
If an LDAP server and client connection are defined for the cluster, the value for this property is set to LDAP.
Shared file system
If an LDAP connection is not defined, the value for this property is set to shared file system.
EFS admin password
Specify the EFS administrator password to access the database that stores security information for the cluster. The password must consist of only alphanumeric characters.
Volume group for EFS keystore
Select a volume group from the list of available concurrent volume groups in the cluster. Select the volume group that is the location of the shared file system that contains the EFS keystore.

You can select this option for the keystore only when you select the Shared file system value for the EFS keystore mode property.

Service IP label or IP address
Select a service IP label or IP address to which to export the EFS keystore as the Network File System (NFS) mount for the cluster.

You can select this option for the keystore only when you select the Shared file system value for the EFS keystore mode property.

For more information about changing an EFS keystore, see the Changing an encrypted file system (EFS) configuration topic in the AIX® Information Center.
