what are the steps for using MSDP Encryption
- 6 years ago
Excerpt from our build doc :
# Make absolutely sure encryption at rest and in transit is always enabled
ENCRYPT_TMP=/tmp/encrypt.tmp
if [ -f ${ENCRYPT_TMP} ];then rm ${ENCRYPT_TMP};fi
grep "^ENCRYPTION = 0" /usr/openv/lib/ost-plugins/pd.conf > /dev/null
if [ $? -eq 0 ];then
echo Enabling encryption at rest.
sed 's/^ENCRYPTION = 0/ENCRYPTION = 1/g' /usr/openv/lib/ost-plugins/pd.conf > ${ENCRYPT_TMP}
mv /usr/openv/lib/ost-plugins/pd.conf /usr/openv/lib/ost-plugins/pd.conf_`date +"%m%d%y%H%M%S"`
mv ${ENCRYPT_TMP} /usr/openv/lib/ost-plugins/pd.conf
fi
grep "^OPTDUP_ENCRYPTION = 0" /usr/openv/lib/ost-plugins/pd.conf > /dev/null
if [ $? -eq 0 ];then
echo Enabling encryption in transit.
sed 's/^OPTDUP_ENCRYPTION = 0/OPTDUP_ENCRYPTION = 1/g' /usr/openv/lib/ost-plugins/pd.conf > ${ENCRYPT_TMP}
mv /usr/openv/lib/ost-plugins/pd.conf /usr/openv/lib/ost-plugins/pd.conf_`date +"%m%d%y%H%M%S"`
mv ${ENCRYPT_TMP} /usr/openv/lib/ost-plugins/pd.conf
fiYou could also do this via the CLISH if you want. Settings-->Deduplication-->Tune ENCRYPTION enable
Settings-->Deduplication-->Tune OPTDUP_ENCRYPTION enable