Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Chapter 7 Using the Command Line Interface to Configure SME
Volume tape groups
Tape compression
To create an SME cluster, follow these steps:

Step 1
  Command: switch# config t
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# sme cluster clustername1
           switch(config-sme-cl)#
  Purpose: Specifies the cluster name and enters SME cluster configuration
           submode. A cluster name can include a maximum of 32 characters.

Step 3
  Command: switch(config-sme-cl)# fabric f1
  Purpose: Adds fabric f1 to the cluster.

Setting the SME Cluster Security Level

There are 3 levels of security: Basic, Standard, and Advanced. Standard and Advanced security levels
require smart cards.

Table 7-1 Master Key Security Levels

Security Level / Definition

Basic
  The master key is stored in a file and encrypted with a password. To retrieve
  the master key, you need access to the file and the password.

Standard
  Standard security requires one smart card. When you create a cluster and the
  master key is generated, you are asked for the smart card. The master key is
  then written to the smart card. To retrieve the master key, you need the smart
  card and the smart card PIN.

Advanced
  Advanced security requires five smart cards. When you create a cluster and
  select Advanced security mode, you designate the number of smart cards (two or
  three of five smart cards or two of three smart cards) that are required to
  recover the master key when data needs to be retrieved. For example, if you
  specify two of five smart cards, then you will need two of the five smart
  cards to recover the master key. Each smart card is owned by a Cisco SME
  Recovery Officer.

  Note: The greater the number of required smart cards, the greater the
  security. However, if smart cards are lost or if they are damaged, this
  reduces the number of available smart cards that could be used to recover the
  master key.

To set the SME cluster security level, follow these steps:

Step 1
  Command: switch# config t
  Purpose: Enters configuration mode.