Home > Storage > PowerScale (Isilon) > Product Documentation > Data Protection > Dell PowerScale SyncIQ: Architecture, Configuration, and Considerations > Import keys and apply SyncIQ settings
To import keys:
scp root@[target cluster IP]:/ifs/data/[Directory specified in Generate keys]/target_cluster_cert.pem /ifs/data/[Directory specified in Generate keys]/
isi cert auth import ./target_cluster_cert.pem –-name TargetCluster_Self-Signed
isi sync cert peer import ./target_cluster_cert.pem --name=[Specify a descriptive certificate name]
isi sync cert server import ./source_cluster_cert.pem ./source_cluster_key.key --name=[Specify a name for the source server certificate] –set-certificate-key-password [Passphrase for the private key created in Generate keys, step 1.c]
Make a note of the full certificate ID, from the ID field.
isi sync settings modify --cluster-certificate-id=[full certificate ID from the previous step]
Note: Running this command affects existing SyncIQ policies that may not have encryption enabled. Only run this command after all existing policies have encryption enabled. Otherwise, existing policies that do not have encryption enabled will fail.
On the source cluster, require encryption globally for all SyncIQ policies:
isi sync settings modify --encryption-required=true
scp root@[source cluster IP]:/ifs/data/[Directory specified in Generate keys]/source_cluster_cert.pem /ifs/data/[Directory specified in Generate keys]/
isi cert auth import ./source_cluster_cert.pem --name SourceCluster_Self-Signed
isi sync cert peer import ./source_cluster_cert.pem --name=[Specify a descriptive certificate name]
isi sync cert server import ./target_cluster_cert.pem ./target_cluster_key.key --name=[Specify a name for the target server certificate] –set-certificate-key-password [Passphrase for the private key created in Generate keys, step 2.c]
isi sync cert server list
Make a note of the appropriate truncated certificate ID, from the ID column.
isi sync cert server view [truncated certificate ID from step a]
Make a note of the full certificate ID, from the ID field.
isi sync settings modify --cluster-certificate-id=[full certificate ID from the previous step]
Note: Running this command affects existing SyncIQ policies that may not have encryption enabled. Only run this command after all existing policies have encryption enabled. Otherwise, existing policies that do not have encryption enabled will fail.
On the target cluster, require encryption globally for all SyncIQ policies:
isi sync settings modify --encryption-required=true