Managing Authentication Verification Entities (AVEs)

Unisphere supports the configuration of Authentication Verification Entities (AVEs) on NVMe-oF/TCP.

Prerequisites

Changes to the setting can be made only on an embedded guest and only when NVMe secure provisioning restrictions are enabled.

About this task

AVEs provide a scalable authentication mechanism between a NVMe host and the NVMe subsystem for provisioning secrets.

Steps

Select to open the Settings panel.
Select Security > AVE.
The following information about AVEs is listed:
- Name—The AVE name, represented by the text AVE and an index, for example, AVE 1, AVE 2
- AVE NQN—The NVMe Qualified Name (NQN) of the AVE
- TLS Hash—A comma-separated string of the TLS hashes selected.
Do one of the following:
- To create an AVE, complete the following steps:
  - Click Create.
  - Configure values for the following fields:
    - AVE NQN—The NVMe Qualified Name (NQN) of the AVE
    - TLS Hash—A multi selection of the TLS Hash supported
    - Secret—A secret, which must follow the following regular expression format: ^DHHC-1:\d{2}:[A-Za-z0-9+/]+=*:$
    - Primary IP Address—An IPv4 or IPv6 address
    - Primary Port—A port in the range of 1-65535
    - Secondary IP Address—(Optional) An IPv4 or IPv6 address
    - Secondary Port—(Optional) A port in the range of 1-65535
    - Tertiary IP Address—(Optional) An IPv4 or IPv6 address
    - Tertiary Port—(Optional) A port in the range of 1-65535
    - Quaternary IP Address—(Optional) An IPv4 or IPv6 address
    - Quaternary Port—(Optional) A port in the range of 1-65535
- To modify an existing AVE, complete the following steps:
  - Select the AVE and click Modify.
  - Edit one or more properties of the AVE, and click OK.
    NOTE: You cannot edit the Secret value.
- To delete an AVE, complete the following steps:
  - Select the AVE and click Delete.
    NOTE: If the AVE index is being referenced in an existing security profile, then you cannot delete it.
Click Close.