Key Management - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

About Cisco Storage Media Encryption
Send documentation comments to mdsfeedback-doc@cisco.com

Key Management

Cisco Key Management Center (KMC) provides essential features such as key archival, secure export and import, and key shredding.

Key management features include the following:
• Master key resides in smart cards.
• Quorum (2 out of 5) of smart cards required to recover the master key.
• Unique key per tape.
• Keys reside in clear-text only inside a FIPS boundary.
• Tape keys and intermediate keys are wrapped by the master key and deactivated at the Key Management Center.
• Option to store tape keys on tape media.

The centralized key lifecycle management includes the following:
• Archive, shred, recover, and distribute media keys.
• Integrated into Fabric Manager Server.
• Secure transport of keys.
• End-to-end key management using HTTPS/SSL/SSH.
• Access controls and accounting.
• Use of existing AAA mechanisms.

The Cisco KMC provides dedicated key management for Cisco SME, with support for single and multisite deployments. The Cisco KMC performs key management operations.

The Cisco KMC is either integrated or separated from Fabric Manager depending on the deployment requirements.

Single site operations can be managed by the integration of the Cisco KMC in Fabric Manager. In multisite deployments, the centralized Cisco KMC can be used together with the local Fabric Manager servers that are used for fabric management. This separation provides robustness to the KMC and also supports the storage media encryption deployments in different locations sharing the same Cisco KMC.

Figure 1-2 shows how Cisco KMC is separated from Fabric Manager for a multisite deployment.

A Cisco KMC is configured only in the primary data center and Fabric Manager servers are installed in all the data centers to manage the local fabrics and provision storage media encryption. The storage media encryption provisioning is performed in each of the data centers and the tape devices and backup groups in each of the data centers are managed independently.
Chapter 1, Product Overview (OL-18091-01, Cisco MDS NX-OS Release 4.x)
