Migrating From Cisco Kmc To Rkm - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Migrating From Cisco KMC to RKM

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
The confirmation window displays the RKM server IP address and the RKM port number.
Migrating From Cisco KMC to RKM
You can use RKM at the time of Cisco SME installation, or you can choose to deploy Cisco SME with
the integrated Cisco KMC later. If RKM is deployed after Cisco KMC has been used alone, you need to
perform an explicit key migration procedure before using RKM with Cisco SME.
This section describes the procedure for migrating encryption keys, wrap keys, and encryption policy
information from Cisco KMC to RKM.
The migration procedure will differ when Cisco KMC uses the PostgresSQL database or the Oracle
Note
Express database for the key catalog. These differences are documented wherever applicable.
To migrate keys from the Cisco KMC to RKM, follow these steps:
Suspend all backup applications and jobs.
Step 1
The migration procedure temporarily suspends access to keys, so the execution of backup operations
must be suspended until the migration is completed.
Back up the key database.
Step 2
We recommend that you back up the key database before performing the migration. The backup
procedure should have been previously tested to help ensure the correct restoration of the keys in case
any problems arise during migration.
Export all volume group keys in the cluster.
Step 3
Each volume group export will generate a separate password-protected file. The password-protected
files contain the keys to be imported in RKM.
Shut down the Cisco Fabric Manager, which shuts down the Cisco KMC.
Step 4
This step prevents any key operation from being performed during migration.
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
D-8
Appendix D RSA Key Manager and Cisco SME
OL-18091-01, Cisco MDS NX-OS Release 4.x