Selecting Master Key Security Levels - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Chapter 4
Cisco SME Cluster Management
Creating a Cisco SME Cluster Using the Cisco SME Wizard

Selecting Master Key Security Levels

There are three master key security levels: Basic, Standard, and Advanced. Standard and Advanced security levels require smart cards. Table 4-1 describes the master key security levels.

Caution: You cannot modify the cluster security level after a cluster is created. Before confirming the cluster creation, you will be prompted to review the cluster details. At that time, you can return to modify the security level.

Note: For information on cluster security, see the "Cisco Storage Media Encryption Security Overview" section on page 1-13 and the "Master Key Security Modes" section on page 6-3.

Table 4-1. Master Key Security Levels (Security Level: Definition)

Basic: The master key is stored in a file and encrypted with a password. To retrieve the master key, you need access to the file and the password.

Standard: Standard security requires one smart card. When you create a cluster and the master key is generated, you are prompted to insert the smart card into the smart card reader. The master key is then written to the smart card. To retrieve the master key, you need the smart card and the smart card PIN.

Advanced: Advanced security requires 5 smart cards. When you create a cluster and select Advanced security mode, you designate the number of smart cards (2 or 3 of 5 smart cards or 2 of 3 smart cards) that are required to recover the master key when data needs to be retrieved. For example, if you specify 2 of 5 smart cards, then you will need 2 of the 5 smart cards to recover the master key. Each smart card is owned by a Cisco SME Recovery Officer.
    Note: The greater the number of required smart cards to recover the master key, the greater the security. However, if smart cards are lost or if they are damaged, this reduces the number of available smart cards that could be used to recover the master key.

Note: For Basic and Standard security modes, one user should hold the Cisco SME Administrator and the Cisco SME Recovery Officer roles.

In the Master Key Security screen, select the cluster security type you wish to use. You can choose any of the following security levels:

Selecting Basic Security, page 4-6
Selecting Standard Security, page 4-6
Selecting Advanced Security, page 4-7
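
The M-of-N recovery rule described for Advanced security, shown as an added example that is not Cisco's code: it uses Shamir secret sharing as a stand-in, because the page does not say how Cisco SME divides the master key across smart cards. The names split, recover and demo and the field prime P are assumptions made for this sketch, and the master key is a constructed random value.

```python
# Added illustration: Shamir secret sharing over a prime field. Assumption: this
# only models the "M of N smart cards" rule; it is not Cisco SME's mechanism.
import secrets
from itertools import combinations

P = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit key

def split(secret, m, n):
    """Return n shares (one per smart card); any m of them rebuild secret."""
    if not (1 < m <= n) or not (0 <= secret < P):
        raise ValueError("need 1 < m <= n and 0 <= secret < P")
    # Random polynomial of degree m-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def recover(shares, m):
    """Lagrange-interpolate f(0) from m distinct shares; refuse below quorum."""
    pts = dict(shares)  # the same card presented twice counts once
    if len(pts) < m:
        raise ValueError(f"quorum not met: {len(pts)} of {m} required cards")
    pts = list(pts.items())[:m]
    secret = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def demo():
    master_key = secrets.randbits(256)  # constructed sample key
    results = {}
    for m, n in [(2, 3), (2, 5), (3, 5)]:  # quorums listed in Table 4-1
        cards = split(master_key, m, n)
        ok = all(recover(c, m) == master_key for c in combinations(cards, m))
        results[(m, n)] = (ok, n - m)  # (every quorum works, cards that may be lost)
    return results

if __name__ == "__main__":
    for (m, n), (ok, spare) in demo().items():
        print(f"{m} of {n}: any quorum recovers={ok}, cards that may be lost={spare}")
```

The second value in each result is the trade-off from the table's Note: raising the quorum from 2 of 5 to 3 of 5 requires one more Recovery Officer to be present, but leaves one fewer card that can be lost or damaged before the master key is unrecoverable.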
