Key Hierarchy - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco mds 9000 family storage media encryption configuration guide - release 4.x (ol-18091-01, february 2009)

Hide thumbs Also See for AJ732A - Cisco MDS 9134 Fabric Switch:

Command reference manual (1640 pages)

Configuration manual (700 pages)

Messages manual (518 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

Table of Contents

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Cisco SME Key Management

This chapter contains information about Cisco Storage Media Encryption comprehensive key

management. It includes the following topics:

•

Key Hierarchy

Cisco SME includes a comprehensive and secure system for protecting encrypted data using a hierarchy

of security keys. The highest level key is the master key, which is generated when a cluster is created.

Every cluster has a unique master key. Using key wrapping, the master key encrypts the tape volume

group keys, which in turn encrypts the tape volume keys.

For recovery purposes, the master key can be stored in a password-protected file, or in one or more smart

cards. When a cluster state is Archived (the key database has been archived) and you want to recover the

keys, you will need the master key file or the smart cards. The master key cannot be improperly extracted

by either tampering with the MSM-18/4 module or by tampering with a smart card.

Keys are essential to safeguarding your encrypted data and should not be compromised. Keys should be

stored in the Cisco Key Management Center. See the

page 6-2

stored directly on the tape cartridge. The keys are identified across the system by a globally unique

identifier (GUID).

The Cisco SME key management system includes the following types of keys:

•

Every backup tape has an associated tape volume key, tape volume group key, and a master key.

OL-18091-01, Cisco MDS NX-OS Release 4.x

Key Hierarchy, page 6-1

Cisco Key Management Center, page 6-2

Master Key Security Modes, page 6-3

Key Management Settings, page 6-4

High Availability Key Management Center, page 6-5

Key Management Operations, page 6-7

Migrating a KMC Server, page 6-48

for information about the Cisco Key Management Center. In addition, unique tape keys can be

Master key

Tape volume group keys

Tape volume keys

C H A P T E R

"Cisco Key Management Center" section on

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide

6-1

Table of Contents

Troubleshooting

This manual is also suitable for:

Ap775a - nexus converged network switch 5010 Ap776a - nexus converged network switch 5020 Cisco mds 9124 - fabric switch Cisco mds 9020 - fabric switch Cisco mds 9120 - fabric switch Cisco mds 9140 - fabric switch ... Show all

Key Hierarchy - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Key Hierarchy

Troubleshooting

Related Manuals for Cisco AJ732A - Cisco MDS 9134 Fabric Switch

Related Content for Cisco AJ732A - Cisco MDS 9134 Fabric Switch

This manual is also suitable for:

Table of Contents