Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)
Send documentation comments to mdsfeedback-doc@cisco.com
2-10
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
OL-18091-01, Cisco MDS NX-OS Release 4.x
Chapter 2 Getting Started
Before You Begin
Table 2-1 shows a description of the Cisco SME roles and the number of users that should be considered
for each role.
Ta b l e 2-1 Cisco SME Roles and Responsibilities
Cisco SME Role
Master Key
Security Mode
Required # of Users for This
Role
What Operations is This Role
Responsible For?
Cisco SME
Administrator
Basic mode
Standard mode
One user should hold the
Cisco SME Administrator
and the Cisco SME
Recovery officer roles.
One per VSAN is the
minimum for day to day
operations; must have
access to all VSANs (if
there are many VSANs and
multiple VSAN
administrators are
assigned, then Cisco SME
administrators, then there
may be one Cisco SME
Administrator per VSAN
for key recovery
operations.
• Cisco SME management
• Tape management
• Export/Import tape volume
groups
Cisco SME KMC
Administrator
Basic mode
Standard mode
The number of users is the
same as for the Cisco SME
Administrator role.
• Key Management operations
• Archive/purge volumes
• Add/remove volume groups
• Import/export volume
groups
• Rekey/replace smart cards
Cisco Storage
Administrator
Basic mode
Standard mode
The number of users is the
same as for the Cisco SME
Administrator role.
• Cisco SME provisioning
operations
• Create/update/delete cluster
• Create/update/delete tape
backup groups
• Add/remove tape devices
• Create volume groups
• View smart cards
Cisco SME
Recovery Officer
Advanced mode Five users (one for each
smart card).
Each smart card holder
must be present during the
cluster creation to provide
the user login and
password information and
smart card pin.
• Master key recovery
• Replace smart card