Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)
Send documentation comments to mdsfeedback-doc@cisco.com
6-48
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
OL-18091-01, Cisco MDS NX-OS Release 4.x
Chapter 6 Cisco SME Key Management
Migrating a KMC Server
Operation: ABORT_REKEY_MASTER_KEY Logged as: "Abort master key
rekey"
Description: A re-key operation has been aborted. If the operation
cannot be aborted, the failure is logged.
Details:
SUCCESS: ""
FAILURE: "error: <description>"
-------------------------------------
Operation: GET_MASTER_KEY_SHARE Logged as: "Master key share
retrieved"
Description: When storing master key shares on smartcards, the share
is verified as being written correctly by reading the share and
comparing. This logs the result of that GET operation.
Details:
SUCCESS: "share index: <share index> smartcard label: <smartcard
label> smartcard serial number: <serial number> GUID: <guid>"
FAILURE: "share index: <share index> smartcard label: <smartcard
label> smartcard serial number: <serial number> GUID: <guid> error:
<description>"
-------------------------------------
Operation: REKEY_CLONE_WRAP_KEYS Logged as: "Clone tape volume-
group wrap keys"
Description: Part of Master Key re-key involves cloning wrap keys and
re-wrapping them with the new master key. This logs the result of
that cloning and re-wrap operation.
Details:
SUCCESS: "<count> keys of <total count> cloned successfully"
FAILURE: "<count> keys of <total count> cloned successfully"
Migrating a KMC Server
To migrate a KMC server, follow these steps:
Step 1 Migrate all keys to the new KMC server. Refer to the backup and restore procedures outlined in
Appendix E, “Database Backup and Restore.”
Step 2 After restoring the database, install Fabric Manager in the new KMC server and point the Fabric
Manager to the database. This ensures that all the keys are maintained across the KMC migration.