Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Encryption Settings Database Accessibility Monitor Provider may be used to periodically verify the server's ability to read the contents of the encryption settings database without relying on any caching that the cipher stream provider might normally use.
In the event that any problem is detected, this monitor provider will raise an alarm and generate an administrative alert to notify administrators of conditions that may cause the encryption settings database to be unreadable on a server restart. Further, after a prolonged outage, it may optionally take action to prevent access to encrypted data, including shutting down the server or entering lockdown mode.
The Encryption Settings Database Accessibility Monitor Provider component inherits from the Monitor Provider
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| check-frequency | |
| prolonged-outage-duration | |
| prolonged-outage-behavior |
| Description | A description for this Monitor Provider |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Monitor Provider is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The frequency with which this monitor provider should confirm the ability to access the server's encryption settings database. |
| Default Value | 5 minutes |
| Allowed Values | A duration. Lower limit is 1 milliseconds. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The minimum length of time that an outage should persist before it is considered a prolonged outage. If an outage lasts at least as long as this duration, then the server will take the action indicated by the prolonged-outage-behavior property. |
| Default Value | 12 hours |
| Allowed Values | A duration. Lower limit is 1 milliseconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The behavior that the server should exhibit after a prolonged period of time when the encryption settings database remains unreadable. |
| Default Value | none |
| Allowed Values | none - Indicates that the server should not take any additional action after a prolonged outage. issue-alert - Indicates that the server should issue another alert notification after a prolonged outage. enter-lockdown-mode - Indicates that the server should enter lockdown mode after a prolonged outage. shut-down-server - Indicates that the server should shut itself down after a prolonged outage. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Monitor Providers:
dsconfig list-monitor-providers
[--property {propertyName}] ...
To view the configuration for an existing Monitor Provider:
dsconfig get-monitor-provider-prop
--provider-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Monitor Provider:
dsconfig set-monitor-provider-prop
--provider-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Encryption Settings Database Accessibility Monitor Provider:
dsconfig create-monitor-provider
--provider-name {name}
--type encryption-settings-database-accessibility
--set enabled:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Monitor Provider:
dsconfig delete-monitor-provider
--provider-name {name}