Migrating A Kmc Server - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Migrating a KMC Server

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Operation: ABORT_REKEY_MASTER_KEY
rekey"
Description: A re-key operation has been aborted.
cannot be aborted, the failure is logged.
Details:
SUCCESS:
FAILURE:
-------------------------------------
Operation: GET_MASTER_KEY_SHARE
retrieved"
Description: When storing master key shares on smartcards, the share
is verified as being written correctly by reading the share and
comparing.
Details:
SUCCESS:
label> smartcard serial number: <serial number> GUID: <guid>"
FAILURE:
label> smartcard serial number: <serial number> GUID: <guid> error:
<description>"
-------------------------------------
Operation: REKEY_CLONE_WRAP_KEYS
group wrap keys"
Description: Part of Master Key re-key involves cloning wrap keys and
re-wrapping them with the new master key.
that cloning and re-wrap operation.
Details:
SUCCESS:
FAILURE:
Migrating a KMC Server
To migrate a KMC server, follow these steps:
Migrate all keys to the new KMC server. Refer to the backup and restore procedures outlined in
Step 1
Appendix E, "Database Backup and Restore."
After restoring the database, install Fabric Manager in the new KMC server and point the Fabric
Step 2
Manager to the database. This ensures that all the keys are maintained across the KMC migration.
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
6-48
""
"error: <description>"
This logs the result of that GET operation.
"share index: <share index> smartcard label: <smartcard
"share index: <share index> smartcard label: <smartcard
"<count> keys of <total count> cloned successfully"
"<count> keys of <total count> cloned successfully"
Chapter 6
Logged as: "Abort master key
If the operation
Logged as: "Master key share
Logged as: "Clone tape volume-
This logs the result of
OL-18091-01, Cisco MDS NX-OS Release 4.x
Cisco SME Key Management