Class IBMTSDS_EncryptionGroupService


CIM_ManagedElement
\_CIM_ManagedSystemElement
  \_CIM_LogicalElement
    \_CIM_EnabledLogicalElement
      \_CIM_Service


Description

The IBMTSDS_EncryptionGroupService provides methods that allow a client to configure Encryption Group in a storage system.

Subclasses


Referenced By

IBMTSDS_HostedEncryptionGroupService

Properties

IdTypeRangeDescription
Key
CreationClassName string
Max Length256
CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
Name string
Max Length256
The Name property uniquely identifies the Service and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.
SystemCreationClassName string
Max Length256
The CreationClassName of the scoping System.
SystemName string
Max Length256
The Name of the scoping System.
Read Only
Read Write
 
Inherited from class CIM_ManagedElement
Caption, Description, ElementName
 
Inherited from class CIM_ManagedSystemElement
HealthState, InstallDate, Name, OperationalStatus, Status, StatusDescriptions
 
Inherited from class CIM_EnabledLogicalElement
EnabledState, OtherEnabledState, RequestedState, TimeOfLastStateChange, EnabledDefault
 
Inherited from class CIM_Service
Started, StartMode, PrimaryOwnerContact, PrimaryOwnerName
 

Method Summary

NameDescription
CreateEncryptionGroupThis method will create Encryption Group on the storage system.
CreateOrModifyEKMThis method will create or modify Encryption Key Manager on the storage system.
GetMaximumEKMNumberThis method will return the maximum number of EKM servers supported on the storage complex.
GetMaximumEncryptionGroupNumberThis method will return the maximum number of encryption group that the SFI can suppport.
RekeyEncryptionGroupThis method will rekey Encryption Group on the storage system with the given ID to have the given label or labels.
RemoveEKMThis method will remove Encryption Key Manager on the storage system.
RemoveEncryptionGroupThis method will remove Encryption Group on the storage system.
 
Inherited from class CIM_EnabledLogicalElement
RequestStateChange
 
Inherited from class CIM_Service
StartService, StopService
 

Method Detail


CreateEncryptionGroup

Description

This method will create Encryption Group on the storage system

Parameters

IdTypeRangeDescription
In
KeyLabel string
The KeyLabel of the encryption group. The administrator should get this information from EKM server configuration.
SecondaryKeyLabel string
The secondary KeyLabel of the encryption group. Not filling this property means the encryption group will have only one primary key label. The administrator should get the key label's information from EKM server configuration.
EncryptionGroupID uint16
The ID used to create the encryption group. If not specifying this, the encryption group ID will be chosen automatically.The encryption group ID must be less or equal to the maximum number of encryption group that the SFI can support. User can get that maximum number by calling the method getMaximumEncryptionGroupNumber.
EncryptionGroup IBMTSDS_EncryptionGroup
The reference of the encryption group that has been created.
out
EncryptionGroup IBMTSDS_EncryptionGroup
The reference of the encryption group that has been created.
Return Codes
none

CreateOrModifyEKM

Description

This method will create or modify Encryption Key Manager on the storage system. If there are multiple storage systems (SFI) on the storage complex, the created EKM will establish connection to all these storage systems.

Parameters

IdTypeRangeDescription
In
IPAddress string
The IP Address or the host name of the EKM to be create. If modifying Encryption Key Manager, this property will not be used.
Port uint32
The port of the EKM to be created. The default value in creating EKM is 3801. If modifying EncryptionKey Manager, this property will not be used.
Condition uint16
The condition value of the EKM. Active or INActive. This propertycanbe specified to create and modify Encryption Key Manager. The default value in creating EKM is 0 (Active).
EKMServer IBMTSDS_EncryptionKeyManager
The Object reference refered to the created EKM Server.If not null, modifies the referenced EKMServer. When returned, it is a reference to the resulting EKM Server.Only modifying condition property of EKMServer is supported.
out
EKMServer IBMTSDS_EncryptionKeyManager
The Object reference refered to the created EKM Server.If not null, modifies the referenced EKMServer. When returned, it is a reference to the resulting EKM Server.Only modifying condition property of EKMServer is supported.
Return Codes
none

GetMaximumEKMNumber

Description

This method will return the maximum number of EKM servers supported on the storage complex.

Parameters

IdTypeRangeDescription
In
maximumEKMNumber uint16
The maximum number of Encryption Key Manager supported on the storage complex.
out
maximumEKMNumber uint16
The maximum number of Encryption Key Manager supported on the storage complex.
Return Codes
none

GetMaximumEncryptionGroupNumber

Description

This method will return the maximum number of encryption group that the SFI can suppport.

Parameters

IdTypeRangeDescription
In
maximumEncryptionGroupNumber uint16
The maximum number of encryption group supported.
out
maximumEncryptionGroupNumber uint16
The maximum number of encryption group supported.
Return Codes
none

RekeyEncryptionGroup

Description

This method will rekey Encryption Group on the storage system with the given ID to have the given label or labels. This function can take zero, one, or two labels. If zero, the existing labels will be used to rewrap the keys. If one label is given, the group will be rekeyed to have that one label; if two labels are given, the group will be rekeyed to have those two labels.

Parameters

IdTypeRangeDescription
In
KeyLabel string
The optional Primary KeyLabel of the rekeyed encryption group. The administrator should get this information from EKM server configuration.When this property is not filled, SecondaryKeyLabel property can not be filled, which means the encryption group will be rekeyed with its existing labels. When this property is set, SecondaryKeyLabel property is optional.
SecondaryKeyLabel string
The optional Secondary KeyLabel of rekeyed encryption group. The administrator should get this information from EKM server configuration. Secondary Key Label must be different than Primary Key Label. Only if Primary Key Label is used, Secondary Key Label is optional. If only KeyLabel is set, the encryption group will be rekeyed to have only 1 label. If Secondary KeyLabel is also set, the encryption group will be rekeyed to have 2 label.
EncryptionGroup IBMTSDS_EncryptionGroup
The Object reference refered to the Encryption Group.When returned, it is a reference to the Encryption Group after re-key.
out
EncryptionGroup IBMTSDS_EncryptionGroup
The Object reference refered to the Encryption Group.When returned, it is a reference to the Encryption Group after re-key.
Return Codes
none

RemoveEKM

Description

This method will remove Encryption Key Manager on the storage system.If there are multiple storage systems (SFI) on the storage complex, all these storage systems will lose connection to the removed EKM.

Parameters

IdTypeRangeDescription
In
EKMServer IBMTSDS_EncryptionKeyManager
The Object reference refered to the to-be-deleted EKM Server.
out
none
Return Codes
none

RemoveEncryptionGroup

Description

This method will remove Encryption Group on the storage system. The input encryption group must exist in the storage system.

Parameters

IdTypeRangeDescription
In
EncryptionGroup IBMTSDS_EncryptionGroup
The reference of the Encryption Group that is to be removed.
out
none
Return Codes
none