Key Management Settings; Tape Recycling - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Chapter 6 Cisco SME Key Management

Key Management Settings

When creating a tape volume group, you will need to determine whether to enable or disable the key management settings. Table 6-2 provides a description of the key settings, considerations, and the type of keys that can be purged if a particular setting is chosen. All key settings are configured at the cluster level.

Table 6-2 Key Management Settings

| Setting | Description | Considerations |
|---|---|---|
| Shared | In shared key mode, only tape volume group keys are generated. All tape volumes that are part of a tape volume group share the same key. | Cisco KMC key database: Is smaller, storing only the tape volume group keys. Security: Medium. A compromise to one tape volume group key will compromise the data in all tapes that are part of that tape volume group. Purging: Available only at the volume group level. |
| Unique Key | In unique key mode, each individual tape has its own unique key. The default value is enabled. | Cisco KMC key database: Is larger, storing the tape volume group keys and every unique tape volume key. Security: High. A compromise to a tape volume key will not compromise the integrity of data on other tape volumes. Purging: Available at the volume group and volume level. |
| Unique Key with Key-On-Tape | In the key-on-tape mode, each unique tape volume key is stored on the individual tape. You can select key-on-tape (when you select unique key mode) to configure the most secure and scalable key management system. The default value is disabled. Note: When key-on-tape mode is enabled, the keys stored on the tape media are encrypted by the tape volume group wrap key. | Cisco KMC key database: Increases scalability to support a large number of tape volumes by reducing the size of the Cisco KMC key database. Only the tape volume group keys are stored on the Cisco KMC. Security: High. A compromise to a tape volume key will not compromise the integrity of data on other tape volumes. Purging: Available at the volume group level. |

Tape Recycling

If Tape Recycling is enabled, old keys for the tape volume are purged from Cisco KMC when the tape is relabeled and a new key is created and synchronized to the Cisco KMC. This setting should be selected when you do not need the old keys for previously backed-up data that will be rewritten.
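
The following Python sketch is an added example, not code from the Cisco guide or from Cisco SME. It models one tape volume group under the three settings in Table 6-2 to show how each changes the number of Cisco KMC records, which tapes a single leaked key exposes, and what Tape Recycling purges on relabel. The class and function names, the HMAC-based stand-in for key wrapping (the guide names no algorithm), and the retention of old keys when recycling is disabled are assumptions of the model.

```python
import hashlib, hmac, os

def wrap(wrap_key, key):
    # Stand-in key wrap (HMAC-SHA256 pad XOR); assumption, not Cisco's algorithm.
    nonce = os.urandom(16)
    pad = hmac.new(wrap_key, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(key, pad))

def unwrap(wrap_key, blob):
    pad = hmac.new(wrap_key, blob[:16], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob[16:], pad))

class VolumeGroup:
    """Toy model of one tape volume group and its records in the KMC."""
    def __init__(self, mode, recycling=True):
        self.mode, self.recycling = mode, recycling  # shared | unique | key-on-tape
        self.group_key = os.urandom(32)              # always held in the KMC
        self.kmc_volume_keys = {}                    # barcode -> [keys], unique mode
        self.on_tape = {}                            # barcode -> wrapped key on media

    def label(self, barcode):
        """Label or relabel a tape; returns the key that encrypts its data."""
        if self.mode == "shared":
            return self.group_key                    # every tape shares the group key
        key = os.urandom(32)
        if self.mode == "key-on-tape":
            # Volume key lives on the media, wrapped by the group wrap key.
            self.on_tape[barcode] = wrap(self.group_key, key)
        else:
            # With recycling enabled, relabeling purges the tape's old keys.
            old = [] if self.recycling else self.kmc_volume_keys.get(barcode, [])
            self.kmc_volume_keys[barcode] = old + [key]
        return key

    def kmc_records(self):
        """Number of keys the KMC stores for this group (group key + volume keys)."""
        return 1 + sum(len(v) for v in self.kmc_volume_keys.values())

    def recover(self, barcode):
        """Current data key for a tape, rebuilt from the KMC plus the media."""
        if self.mode == "shared":
            return self.group_key
        if self.mode == "key-on-tape":
            return unwrap(self.group_key, self.on_tape[barcode])
        return self.kmc_volume_keys[barcode][-1]

def exposed(group, barcodes, leaked_key):
    """Tapes whose data a single leaked data key decrypts."""
    return [b for b in barcodes if group.recover(b) == leaked_key]
```
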
OL-18091-01, Cisco MDS NX-OS Release 4.x