| Command | Option | Supporting Option | Effective Result |
|---|---|---|---|
| spxconfig | -submit | | Finalizes configuration and starts up ICDES. |
| | -save | | Saves the configuration over the current running configuration (restart required to take effect). |
| | -revert | | Discards all config changes not saved. |
| | -l | [empty] | Sets the trial license. |
| | -l | # | Sets the license key. |
| | -m:n | [m:n] | Set M of N configuration. |
| | -guiurl | [URL] | Sets the GUI URL. |
| | -guiport | [PORT] | Sets the GUI port. |
| | -opmemlimit | [value] | Value is the number of MB of memory that will be used for journaling. Value must be an integer between 0 and available memory. |
| | -opdisklimit | [value] | Value is the number of GB of disk space used for journaling. Value must be an integer between 0 and available local disk space. |
| | -portnum1 | [port #] | The [port #] is the port that will be used by the browser based GUI to communicate with the command line functions. |
| | -portnum2 | [port #] | Set port number 2. |
| | -informpct | # | Set the Inform alert to the input percentage. |
| | -warnpct | # | Set the Warn alert to input percentage. |
| | -minorpct | # | Set the Minor alert to input percentage. |
| | -majorpct | # | Set the Major alert to input percentage. |
| | -critpct | # | Set the Critical alert to the input percentage. |
| | -share | [#] | Reports configured share number path, encrypted filename status and read order. |
| | -share [#] | -path [path] | Set the path for each share. |
| | -share [#] | -hashed [yes/no] | Set yes for hashed file names. |
| | -share [#] | -readorder [1-N] | Set the read order. |
| | -share [#] | -type [network/local] | Sets the type of share. |
| | -share [#] | -network [user name] [password] | Creates credential to access network share. |
| | -keypath | [key path] | Set the path for the server key. |
| | -print | | Display all pending settings. |
| | -running | | Display all current settings. |
| | -version | | Display the current version. |
| | -kmip | | Prints current KMIP configuration. |
| | -kmip_ip | ‘ip address’ | Sets the IP address of KMIP server. |
| | -kmip_port | ‘port’ | Sets the port of the KMIP server. |
| | -kmip_cacert | ‘cacertpath’ | Sets the SSL CA file for KMIP. |
| | -kmip_cert | ‘certpath’ | Sets the SSL certificate for KMIP. |
| | -kmip_key | ‘keypath’ | Sets the SSL key for KMIP. |
| | -kmip | ‘on/off’ | Enables or disables KMIP. |
| | -validate_kmip | | Checks if KMIP connection works. |
| | -snmp | | Prints current SNMP configuration. |
| | -snmp_ip | ‘ip address’ | Sets the IP address of SNMP server. |
| | -snmp_username | ‘username’ | Sets the SNMP username. |
| | -snmp_password | ‘password’ | Sets the SNMP password. |
| | -snmp_engine_id | ‘engine id’ | Sets the SNMP engine id. |
| | -snmp_mib | ‘path’ | Sets the path to where |
| | -snmp | ‘on/off’ | Enables or disables SNMP. |
| | -validate_snmp | | Tests SNMP capabilities. |
| | -tpm | | Reports password and TPM status enabled/disabled. |
| | -tpm_pass | ‘password’ | Sets the passphrase used for sealing data with the TPM. |
| | -tpm | ‘on/off’ | Enables or disables TPM usage. |
| | -validate_tpm | | Test TPM capabilities; reports TPM test succeed/fail. |
| | -stanbyshare | ‘path’ | Sets the standby share path. |
| | -enablestandby | ‘#’ | Takes share number offline and sets share to standby. Requires restart to take effect. |
| | -disablestandby | ‘#’ | Turns shares back online and copies standby share files to the share location. Requires restart to take effect. |
| | -standby | | Prints current shares in standby. |
| spxenc | -e | [PATH_1], [PATH_2], [PATH_3] … | List of directories to be encrypted. |
| | -d | [PATH_1], [PATH_2], [PATH_3] … | Decrypts paths. |
| | -uninstall | | Prepares all processed files for software uninstall. |
| spxinfo | -l | | Lists items being monitored. |
| | -s | | Displays current status of transformed data. |
| spxrestore | -all | | Restores all shares. |
| | -stub | | Restores stub files. |
| | -share | [#] | Restores requested share. |
| spxshare | -share | [#] | Display share status. |
| | -share [#] | -status [on/off] | Turn share [#] on or off. |
| | -all | | Display all share status. |
| spxlog | -service | | Select service log. |
| | -alert | | Select alert log. |
| | -gui | | Select GUI service log. |
| | -restore | | Select restore log. |
| | -n | ### | Displays number of most recent lines. |
| | -clear | | Clears the log selected. |
| spxcapacity | -all | | Prints capacity report for all share paths. |
| | -share | [SHARE_PATH] | Prints capacity report for given share path. |
| | -enc | | Prints capacity report for all shares of the given path. |
| spxnotifytest | | | Run the test program. |
| spxmonitor | | | Not documented |
| | -available | | Prints all available space (in GB) under protection. |
| | -used | | Print all used space (in GB) in protected directories. |
| spxbackup | [BACKUP DIRECTORY] | | Backup all the data needed to start up on another server (workgroup keys, configuration). |
| spxperformance | --ws, --write-sequential | | Write Sequential Test. |
| | --wr, --write-random | | Write Random Test. |
| | --rs, --read-sequential | | Read Sequential Test. |
| | --rr, --read-random | | Read Random Test. |
| | --a, --all | | All tests are run, including fsync test. |
| | --as, --all-sized | | All tests run: read/write |
| | -l, --log | [VALUE] | (Required) Folder to where log will be located. |
| | -b, --blocksize | [VALUE] | (Required) Block size to be used. |
| | -c, --count | [VALUE] | (Required) Number of blocks to use. |
| | -d, --numthread | [VALUE] | (Required) Number of threads to run. |
| | -n, --numtest | [VALUE] | (Required) Number of times to run tests. |
| | -f, --fsync | | Partial caching to be cleared (fsync). |
| | -p, --path | [PATH] | Folder to where tests will be run. |
| spxrollback | | | Reverts to a previous version and requires a system restart. |
| spxreload | [BACKUP DIRECTORY] | | Restores configuration backed up by prior use of “spxbackup” command. Reloads keys, registry, and databases from a backup file. |

IBM Cloud Data Encryption Services Administrative Guide

Appendix VII: Glossary
| Term | Definition |
|---|---|
| Advanced Encryption Standard 256-bit key (AES-256) | Specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001; encryption protocol used by Cloud Data Encryption Services. |
| Command-Line Interface (CLI) | Type of interaction with Cloud Data Encryption Services where the user issues commands to the application in the form of text lines (command lines). |
| Cryptographically splitting | The process of splitting and reassembling the bits in a byte of data using cryptographic techniques. |
| Processed | The state of data that is encrypted and randomly split. |
| Data Protection Properties | The Cryptographic Data Splitting; includes some combination of encrypting, authenticating and/or the splitting of data for fault tolerance using the M of N construct. |
| Dedicated Storage | Storage that is used by only one server at a time. |
| Disaster Recovery (DR) | The process, policies and procedures that are related to preparing for recovery or continuation of technology infrastructure which are vital to an organization after a natural or human-induced disaster. |
| Fault Tolerance | A property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components. |
| Graphical User Interface (GUI) | A type of user interface that allows users to interact with Cloud Data Encryption Services through graphical icons as opposed to text-based interfaces and typed commands. |
| Hashed | Term to describe the scrambling of characters of a file or folder object name. |
| High Availability (HA) | System operations continue even if components fail because of redundancy (redundant power supplies, CPUs, drives, software, etc.). |
| Hot Spare | In storage, it is a disk that is held in reserve as an active device by the system RAID configuration in case of a disk failure, in which the spare is then added to the working portion. |
| Hot Swap | In computers, it is the action of replacing a system component without shutting down the system. |
| Journaling | The process of recording instructions to be made by Cloud Data Encryption Services to the shares either in memory or on disk to be performed later. |
| Just a Bunch of Disks (JBOD) | A quantity of disks that are chained together in order to provide a large storage space; no fault tolerance. |
| KMIP | KMIP stores and controls Managed Objects such as Symmetric and Asymmetric keys, Certificates, and user defined objects. Clients then use the protocol to access these objects subject to a security model that is implemented by the Servers. Objects have core Base Object properties such as key length and value, as well as extended Attributes that can include user defined attributes. KMIP is a network protocol rather than an application programming interface. It has a binary format consisting of nested Tag, Type, Length and Value (TTLV) structures. The TTLV may optionally be wrapped in HTTPS, and is mandated for link level security in communication between clients and servers. |
| M of N (M:N) | A construct model of data that designates N as the number of pieces (shares) that data is split into, while M is the minimum number of those pieces required to reassemble that data. |
| Protected | Any data that has been processed by Cloud Data Encryption Services. |
| RAID | A storage technology that combines multiple disk drive components into a logical unit for the purposes of data redundancy and performance improvement; data is distributed across the drives in one of several ways, referred to as RAID levels, depending on the specific level of redundancy and performance required. |
| SecureParser® | The suite of FIPS 140-2 validated cryptographic data splitting technology. |
| Share | Location on the operating system pointing to storage on drives, which could be RAID storage, JBOD, or a single drive. |
| Shared Storage | Storage that is used by more than one server at a time. |
| SKLM | Security Key Lifecycle Manager (An IBM product) |
| SKU | Stock-keeping unit |
| SNMP | A common protocol for managing any device on an IP network. Typical devices are servers, routers, switches, workstations, printers, modems, etc. |
| Solid State Drive (SSD) | A data storage device using integrated circuit assemblies as memory to store data persistently. |
| Stub file | Referred to as the meta data in the file system that points to the actual data that is stored elsewhere in the shares. |
| TPM | Trusted Platform Module - A small hardware device attached to other devices to encrypt keys or other items. |

Part Number: 16-20101-I02-20 Rev A7 Printed in the USA