Master Key Security Modes - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Chapter 6
Cisco SME Key Management
Send documentation comments to mdsfeedback-doc@cisco.com

Master Key Security Modes

To recover encrypted data-at-rest from a specific tape, you need access to the keys that are created for
the specific tape cartridge. Because the master key is used to protect all other keys, Cisco SME provides
three master key security modes to protect the master key: Basic, Standard, and Advanced. During
cluster configuration, you designate the level of security for the master key.
Table 6-1 describes the three master key security modes.
Basic security writes the encrypted master key to a disk. To unlock the master key, you need access to
the file. The file is encrypted and requires a password to retrieve the master key. The Standard and
Advanced security modes require the use of smart cards to access the master key. If you select Standard
security, you will need one smart card to unlock the master key. If you select Advanced security during
cluster configuration, you are prompted to set the minimum number of required smart cards that would
unlock the master key.
Table 6-1 describes the master key security modes.

Table 6-1 Master Key Security Levels

Security Level: Basic
Definition: The master key is stored in a file and encrypted with a password. To retrieve the
master key, you need access to the file and the password.

Security Level: Standard
Definition: Standard security requires one smart card. When you create a cluster and the
master key is generated, you are asked for the smart card. The master key is then
written to the smart card. To retrieve the master key, you need the smart card and
the smart card PIN.

Security Level: Advanced
Definition: Advanced security requires five smart cards. When you create a cluster and select
Advanced security mode, you designate the number of smart cards (two or three
of five smart cards or two of three smart cards) that are required to recover the
master key when data needs to be retrieved. For example, if you specify two of
five smart cards, then you will need two of the five smart cards to recover the
master key. Each smart card is owned by a Cisco SME Recovery Officer.
Note: The greater the number of required smart cards to recover the master key,
the greater the security. However, if smart cards are lost or if they are
damaged, this reduces the number of available smart cards that could be
used to recover the master key.
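The k-of-n recovery that Advanced mode describes, and the trade-off in the Note, as an added example that is not from the Cisco guide. The page does not say how Cisco SME divides the master key across smart cards, so this example assumes Shamir's secret sharing, a standard threshold scheme, and models each card as one (x, y) share; the names split_key, recover_key and quorum_report are hypothetical.

```python
import secrets
from itertools import combinations

# Field modulus: the Mersenne prime 2**521 - 1, larger than any 256-bit key.
PRIME = 2**521 - 1

def split_key(master_key: int, threshold: int, cards: int):
    """Return one (x, y) share per smart card; any `threshold` shares recover the key."""
    if not 1 < threshold <= cards:
        raise ValueError("need 1 < threshold <= cards")
    if not 0 <= master_key < PRIME:
        raise ValueError("key does not fit in the field")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [master_key] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, cards + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_key(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the presented shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def quorum_report(threshold: int, cards: int):
    """Try every quorum, and every group one card short, against a constructed key."""
    key = secrets.randbits(256)             # constructed sample master key
    shares = split_key(key, threshold, cards)
    full = all(recover_key(list(q)) == key for q in combinations(shares, threshold))
    short = any(recover_key(list(q)) == key for q in combinations(shares, threshold - 1))
    return {"quorums_recover": full, "below_quorum_recovers": short,
            "cards_that_can_be_lost": cards - threshold}

if __name__ == "__main__":
    for k, n in [(2, 5), (3, 5), (2, 3)]:   # the combinations named in Table 6-1
        print(f"{k} of {n}:", quorum_report(k, n))
```

Raising the threshold from two to three of five cards lowers cards_that_can_be_lost from 3 to 2, which is the availability cost the Note describes.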
