Rekeying Tape Volume Groups - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Key Management Operations
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Click Confirm to begin the import process or click Back to choose another volume group file.
Step 5
The imported keys in tape volume groups are read-only by default. However, if the entry
Note
"sme.retain.imported.key.state=true" is set in the conf/smeserver.properties file and the FM server is
restarted, the state of the imported keys are retained and both read and write operations can be
performed.

Rekeying Tape Volume Groups

Tape volume groups can be rekeyed periodically to ensure better security and also when the key security
has been compromised.
In the unique key mode, the rekey operation generates a new tape volume group wrap key. The current
tape volume group wrap key is archived. The current media keys remain unchanged, and the new media
keys are wrapped with the new tape volume group wrap key.
In the shared key mode, the rekey operation generates a new tape volume group wrap key and a new tape
volume group shared key. The current tape volume group wrap key is archived while the current tape
volume group shared key remain unchanged (in active state).
The volume groups can be rekeyed monthly even if you do not use the unique key mode.
To rekey tape volume groups, follow these steps:
In the Fabric Manager Web Client navigation pane, select Volume Groups to display the volume groups
Step 1
in the cluster.
Select one or more volume groups.
Step 2
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
6-14
Chapter 6 Cisco SME Key Management
OL-18091-01, Cisco MDS NX-OS Release 4.x