Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Chapter 4 Cisco SME Cluster Management
Creating a Cisco SME Cluster Using the Cisco SME Wizard
Selecting Master Key Security Levels
There are three master key security levels: Basic, Standard, and Advanced. Standard and Advanced
security levels require smart cards.
Table 4-1 describes the master key security levels.
Caution: You cannot modify the cluster security level after a cluster is created. Before confirming the cluster creation, you will be prompted to review the cluster details. At that time, you can return to modify the security level.

Note: For information on cluster security, see the “Cisco Storage Media Encryption Security Overview” section on page 1-13 and the “Master Key Security Modes” section on page 6-3.

Note: For Basic and Standard security modes, one user should hold the Cisco SME Administrator and the Cisco SME Recovery Officer roles.

In the Master Key Security screen, select the cluster security type you wish to use. You can choose any
of the following security levels:
Selecting Basic Security, page 4-6
Selecting Standard Security, page 4-6
Selecting Advanced Security, page 4-7

Table 4-1    Master Key Security Levels

Security Level    Definition
Basic             The master key is stored in a file and encrypted with a password. To retrieve the master key, you need access to the file and the password.
Standard          Standard security requires one smart card. When you create a cluster and the master key is generated, you are prompted to insert the smart card into the smart card reader. The master key is then written to the smart card. To retrieve the master key, you need the smart card and the smart card pin.
Advanced          Advanced security requires 5 smart cards. When you create a cluster and select Advanced security mode, you designate the number of smart cards (2 or 3 of 5 smart cards or 2 of 3 smart cards) that are required to recover the master key when data needs to be retrieved. For example, if you specify 2 of 5 smart cards, then you will need 2 of the 5 smart cards to recover the master key. Each smart card is owned by a Cisco SME Recovery Officer.
                  Note: The greater the number of required smart cards to recover the master key, the greater the security. However, if smart cards are lost or if they are damaged, this reduces the number of available smart cards that could be used to recover the master key.