Manualshelf

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

ManualsBrandsHP ManualsStorageCisco MDS 9140 Multilayer Fabric Switch Chassis
121122123124125126127128129130
Send documentation comments to mdsfeedback-doc@cisco.com
6-14
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
OL-18091-01, Cisco MDS NX-OS Release 4.x
Chapter 6 Cisco SME Key Management
Key Management Operations
Step 5 Click Confirm to begin the import process or click Back to choose another volume group file.
Note The imported keys in tape volume groups are read-only by default. However, if the entry
“sme.retain.imported.key.state=true” is set in the conf/smeserver.properties file and the FM server is
restarted, the state of the imported keys are retained and both read and write operations can be
performed.
Rekeying Tape Volume Groups
Tape volume groups can be rekeyed periodically to ensure better security and also when the key security
has been compromised.
In the unique key mode, the rekey operation generates a new tape volume group wrap key. The current
tape volume group wrap key is archived. The current media keys remain unchanged, and the new media
keys are wrapped with the new tape volume group wrap key.
In the shared key mode, the rekey operation generates a new tape volume group wrap key and a new tape
volume group shared key. The current tape volume group wrap key is archived while the current tape
volume group shared key remain unchanged (in active state).
The volume groups can be rekeyed monthly even if you do not use the unique key mode.
To rekey tape volume groups, follow these steps:
Step 1 In the Fabric Manager Web Client navigation pane, select Volume Groups to display the volume groups
in the cluster.
Step 2 Select one or more volume groups.