Manualshelf

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

ManualsBrandsHP ManualsStorageCisco MDS 9140 Multilayer Fabric Switch Chassis
71727374757677787980
Send documentation comments to mdsfeedback-doc@cisco.com
4-9
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
OL-18091-01, Cisco MDS NX-OS Release 4.x
Chapter 4 Cisco SME Cluster Management
Creating a Cisco SME Cluster Using the Cisco SME Wizard
Specifying the Key Management Center Server
In the Key Management Server screen, you can choose the primary and the secondary key management
center servers from the drop-down menu. You can specify an IP address or a host name for the servers.
Click Next.
The dual server settings will be available after you configure the high availability settings in the Key
Manager Settings screen. For more information on the configuration, see the
“Choosing High
Availability Settings” section on page 6-5.
Ta b l e 4-2 Media Key Settings
Media Key Setting Definition
Use unique key per
media
In unique key mode, a unique key is issued for each tape volume. The default is
unique key mode.
Store key on tape If you choose unique key mode (see above), this mode allows you to store the
encrypted media key on the tape volume not in the Cisco KMC. This provides
better scaling when your backup environment includes a large number of tapes.
This is recommended for managing a large number of tape volume keys.
Key-on-tape mode is disabled by default.
Auto-volume
grouping
Cisco SME automatically creates a volume group and categorizes the appropriate
tape volumes encrypted under this group based on the backup application's
volume pool configuration.
Auto-volume grouping is disabled by default.
Compression Cisco SME can perform compression followed by encryption if this option is
selected.
Compression is enabled by default.
Note Compression will be enabled for a tape drive in one of two ways: (a)
configuration or (b) if the compression is not enabled through
configuration and the tape drive is enabled for compression, compression
is implicitly enabled for this tape drive.
Recycle Tapes Select this option to enable purging of the keys upon tape recycling.
When a tape is recycled or relabeled, a new key is generated and used for
encryption. Enabling this option purges the key that was used to encrypt data
before the tape was recycled.
Note This option must be disabled if the tapes are cloned offline without the
involvement of the backup application itself.
Tape recycling is enabled by default.