Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Appendix D RSA Key Manager and Cisco SME
Migrating From Cisco KMC to RKM
Step 5 Run the following database scripts from the database administrative console:
For the key catalog on PostgreSQL, run postgres-kmc-rkm-pre-migrate.sql.
For the key catalog on Oracle Express, run oracle-kmc-rkm-pre-migrate.sql.
These scripts are packaged on the Cisco Fabric Manager CD as of NX-OS Software Release 4.1(1).
Step 6 Install RKM on the system allocated for this purpose.
RKM can be installed and configured separately. Ensure that RKM is ready prior to the start of the
migration in order to decrease downtime.
Configure the certificates for RKM and identify the following certificate files:
sme_rkm_client.jks
sme_rkm_trust.jks
Step 7 Copy the two certificate files to the Cisco Fabric Manager Server system.
Copy the two files into the certificate store directory. Go to the SME tab on the Fabric Manager Web Client
and choose Key Manager Settings to view the actual directory.
Note The default certificate store (Windows) is at C:\Program Files\Cisco Systems\MDS 9000\conf\cert\.
Step 8 Start Cisco Fabric Manager, which starts Cisco KMC.
Step 9 Go to the SME tab on the Fabric Manager Web Client and choose Key Manager Settings.
Step 10 Select RSA as the key manager and configure the IP address and port for RKM.
Step 11 Go to the Accounting Log and monitor the log messages until “Synchronization Complete for Cluster”
is displayed.
Step 12 Create and import all the volume group keys from the password-protected files.
Step 13 Run the following post-migration scripts to delete the keys in the Cisco KMC key database:
For the key catalog previously on PostgreSQL, run postgres-kmc-rkm-post-migrate.sql.
For the key catalog previously on Oracle Express, run oracle-kmc-rkm-post-migrate.sql.
These scripts are packaged on the Cisco Fabric Manager CD as of NX-OS Software Release 4.1(1).
Step 14 Restart any backup applications and jobs that were deactivated or suspended before the migration.
Note In Cisco MDS 9000 SAN-OS Software Releases 3.2(3a) and 3.3(1a), the importing of the volume group
leaves all the keys in a deactivated (archived) state, and after the migration, the tapes can be restored but
cannot be used for active encryption.
Note In Cisco MDS 9000 NX-OS Software Release 4.1(1c) and later, the keys are restored in the same state
(active or deactivated) as before the migration.
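A pre-flight check for Step 7, as an added example that is not part of the Cisco guide or any Cisco tooling: it confirms that both keystore files reached the certificate store intact before Fabric Manager is started in Step 8. It assumes the files are standard Java JKS keystores; the directory arguments and the demo files are constructed for illustration.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

# Keystore file names from Step 6 of the procedure.
KEYSTORES = ("sme_rkm_client.jks", "sme_rkm_trust.jks")
JKS_MAGIC = 0xFEEDFEED  # assumption: files are standard Java JKS keystores


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_copy(source_dir: Path, cert_store: Path) -> dict:
    """Return {file name: status} for each keystore copied in Step 7."""
    results = {}
    for name in KEYSTORES:
        src, dst = source_dir / name, cert_store / name
        if not dst.is_file():
            results[name] = "missing"
            continue
        header = dst.read_bytes()[:8]
        # JKS header: 4-byte magic, then a 4-byte version (1 or 2), big-endian.
        magic, version = struct.unpack(">II", header) if len(header) == 8 else (0, 0)
        if magic != JKS_MAGIC or version not in (1, 2):
            results[name] = "not-jks"
        elif not src.is_file() or sha256(src) != sha256(dst):
            results[name] = "hash-mismatch"
        else:
            results[name] = "ok"
    return results


def demo() -> dict:
    """Run the check on constructed files (not real keystores)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "rkm"), Path(tmp, "cert")
        src.mkdir()
        dst.mkdir()
        good = struct.pack(">II", JKS_MAGIC, 2) + b"constructed sample body"
        for name in KEYSTORES:
            (src / name).write_bytes(good)
        (dst / KEYSTORES[0]).write_bytes(good)
        (dst / KEYSTORES[1]).write_bytes(good[:-4])  # simulate truncated copy
        return check_copy(src, dst)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

In practice, call check_copy with the directory where RKM produced the files and the certificate store directory shown under Key Manager Settings; any status other than "ok" should be resolved before continuing to Step 8.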