Assigning Cisco Sme Roles And Users - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Preconfiguration Tasks
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
•
Note To learn about enabling these services, refer to

Assigning Cisco SME Roles and Users

The Cisco SME feature provides two primary roles: Cisco SME Administrator (sme-admin) and the
Cisco SME Recovery Officer (sme-recovery). The Cisco SME Administrator role also includes the Cisco
SME Storage Administrator (sme-stg-admin) and Cisco SME KMC Administrator (sme-kmc-admin)
roles.
To set up the roles and users, note the following guidelines:
•
•
•
•
•
To know more about the roles and their responsibilities refer to the
Roles and Cisco SME Users" section on page
roles, refer to the
9000 Family CLI Configuration Guide.
Creating Cisco SME Fabrics
When creating Cisco SME fabrics, note the following guidelines:
•
•
For more information, refer to the
page
Installing SSL Certificates
To create SSL certificates, do the following tasks:
•
•
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
F-6
Set the FC Redirect version to 2 (if you are using SAN-OS Release 3.1(1a) or later, or NX-OS 4.x).
To learn more about enabling the version2 mode, refer to the
on page A-12.
Create the appropriate Cisco SME roles, that is, sme-admin and/or sme-stg-admin and
sme-kmc-admin, and sme-recovery in the Advanced Master Key Security mode.
Choose separate users for the sme-kmc-admin role and the sme-stg-admin role to split the
responsiblities of key management and SME provisioning. To combine these responsibilities into
one role, choose the stg-admin role.
Use the Fabric Manager to create users for sme-admin, sme-stg-admin, and sme-kmc-admin roles
as appropriate.
In the Advanced mode for the master key, create three or five users under the sme-recovery role.
Create users on the switches for all of these roles.
Cisco MDS 9000 Family Fabric Manager Configuration Guide
Add the Cisco SME fabrics using the Fabric Manager Web client. Modify the names to exclude
switch names from the fabric name.
The fabric name must remain constant. You cannot change the fabric name after you have configured
Cisco SME.
2-13.
Follow the procedure specified in
certificates on the switches and the KMC.
Use the same password at every step of the installation procedure to simplify the process.
Chapter 2, "Getting Started."
2-9. For detailed information on creating and assigning
"Adding a Fabric and Changing the Fabric Name" section on
Appendix C, "Provisioning Self-Sign Certificates,"
Appendix F Planning For Cisco SME Installation
"fc-redirect version2 enable" section
"Creating and Assigning Cisco SME
and the
OL-18091-01, Cisco MDS NX-OS Release 4.x
Cisco MDS
to install SSL