Specifying The Key Management Center Server - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual
Cisco mds 9000 family storage media encryption configuration guide - release 4.x (ol-18091-01, february 2009)
Hide thumbs
Also See for AJ732A - Cisco MDS 9134 Fabric Switch:
- Command reference manual (1640 pages) ,
- Configuration manual (700 pages) ,
- Messages manual (518 pages)
Table of Contents
Advertisement
Chapter 4
Cisco SME Cluster Management
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Table 4-2
Media Key Setting
Use unique key per
media
Store key on tape
Auto-volume
grouping
Compression
Recycle Tapes
Specifying the Key Management Center Server
In the Key Management Server screen, you can choose the primary and the secondary key management
center servers from the drop-down menu. You can specify an IP address or a host name for the servers.
Click Next.
The dual server settings will be available after you configure the high availability settings in the Key
Manager Settings screen. For more information on the configuration, see the
Availability Settings" section on page
OL-18091-01, Cisco MDS NX-OS Release 4.x
Media Key Settings
Definition
In unique key mode, a unique key is issued for each tape volume. The default is
unique key mode.
If you choose unique key mode (see above), this mode allows you to store the
encrypted media key on the tape volume not in the Cisco KMC. This provides
better scaling when your backup environment includes a large number of tapes.
This is recommended for managing a large number of tape volume keys.
Key-on-tape mode is disabled by default.
Cisco SME automatically creates a volume group and categorizes the appropriate
tape volumes encrypted under this group based on the backup application's
volume pool configuration.
Auto-volume grouping is disabled by default.
Cisco SME can perform compression followed by encryption if this option is
selected.
Compression is enabled by default.
Note
Compression will be enabled for a tape drive in one of two ways: (a)
configuration or (b) if the compression is not enabled through
configuration and the tape drive is enabled for compression, compression
is implicitly enabled for this tape drive.
Select this option to enable purging of the keys upon tape recycling.
When a tape is recycled or relabeled, a new key is generated and used for
encryption. Enabling this option purges the key that was used to encrypt data
before the tape was recycled.
This option must be disabled if the tapes are cloned offline without the
Note
involvement of the backup application itself.
Tape recycling is enabled by default.
6-5.
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
Creating a Cisco SME Cluster Using the Cisco SME Wizard
"Choosing High
4-9
Advertisement
Table of Contents
Troubleshooting
