HP Cisco MDS 9120 Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 118
Key Management Settings, Tape Recycling
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide, 6-4, OL-18091-01, Cisco MDS NX-OS Release 4.x
Chapter 6 Cisco SME Key Management

Key Management Settings

When creating a tape volume group, you will need to determine whether to enable or disable the key management settings. Table 6-2 provides a description of the key settings, considerations, and the type of keys that can be purged if a particular setting is chosen.

All key settings are configured at the cluster level.

Table 6-2 Key Management Settings

Shared
  Description: In shared key mode, only tape volume group keys are generated. All tape volumes that are part of a tape volume group share the same key.
  Considerations:
    Cisco KMC key database: Is smaller, storing only the tape volume group keys.
    Security: Medium. A compromise to one tape volume group key will compromise the data in all tapes that are part of that tape volume group.
    Purging: Available only at the volume group level.

Unique Key
  Description: In unique key mode, each individual tape has its own unique key. The default value is enabled.
  Considerations:
    Cisco KMC key database: Is larger, storing the tape volume group keys and every unique tape volume key.
    Security: High. A compromise to a tape volume key will not compromise the integrity of data on other tape volumes.
    Purging: Available at the volume group and volume level.

Unique Key with Key-On-Tape
  Description: In the key-on-tape mode, each unique tape volume key is stored on the individual tape. You can select key-on-tape (when you select unique key mode) to configure the most secure and scalable key management system. The default value is disabled.
  Note: When key-on-tape mode is enabled, the keys stored on the tape media are encrypted by the tape volume group wrap key.
  Considerations:
    Cisco KMC key database: Increases scalability to support a large number of tape volumes by reducing the size of the Cisco KMC key database. Only the tape volume group keys are stored on the Cisco KMC.
    Security: High. A compromise to a tape volume key will not compromise the integrity of data on other tape volumes.
    Purging: Available at the volume group level.

Tape Recycling

If Tape Recycling is enabled, old keys for the tape volume are purged from Cisco KMC when the tape is relabeled and a new key is created and synchronized to the Cisco KMC. This setting should be selected when you do not need the old keys for previously backed-up data that will be rewritten.
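The trade-offs in Table 6-2 and the effect of Tape Recycling, as an added example that is not part of the Cisco guide: a small Python model of what ends up in the Cisco KMC key database under each setting. The class, method names, key-id format and the "payroll" group are hypothetical, and the model tracks key ids only; it performs no tape encryption.

```python
import secrets
from itertools import count

MODES = ("shared", "unique", "key-on-tape")

class SmeCluster:
    """Toy model of one cluster's Cisco KMC key database (constructed, not Cisco code)."""

    def __init__(self, mode, tape_recycling=False):
        self.mode, self.recycling = mode, tape_recycling
        self.kmc = {}       # key id -> key material stored in the Cisco KMC
        self.tapes = {}     # (group, barcode) -> id of the key encrypting that tape
        self.on_tape = {}   # (group, barcode) -> volume key id kept on the media
        self._serial = count(1)

    def create_group(self, group):
        self.kmc[f"tvg:{group}"] = secrets.token_bytes(32)

    def label_tape(self, group, barcode):
        """Label or relabel a tape; return the id of the key now protecting it."""
        tape, old = (group, barcode), self.tapes.get((group, barcode))
        if self.mode == "shared":
            kid = f"tvg:{group}"                  # all tapes reuse the group key
        else:
            kid = f"vol:{group}/{barcode}#{next(self._serial)}"
            if self.mode == "unique":
                self.kmc[kid] = secrets.token_bytes(32)
            else:
                self.on_tape[tape] = kid          # wrapped by the group key, on media
        # Tape Recycling: purge the superseded volume key from the KMC.
        # Assumption: with recycling off, the old key is simply retained.
        if self.recycling and old and old.startswith("vol:"):
            self.kmc.pop(old, None)
        self.tapes[tape] = kid
        return kid

    def tapes_under(self, kid):
        """Tapes whose data is encrypted directly under key `kid`."""
        return sorted(t for t, k in self.tapes.items() if k == kid)

def compare(n_tapes=1000):
    """Map mode -> (keys held in KMC, tapes readable with the first tape's key)."""
    result = {}
    for mode in MODES:
        c = SmeCluster(mode)
        c.create_group("payroll")
        kids = [c.label_tape("payroll", f"T{i:04d}") for i in range(n_tapes)]
        result[mode] = (len(c.kmc), len(c.tapes_under(kids[0])))
    return result
```

Calling `compare()` returns the KMC key count and the number of tapes sharing one data key for each mode, which is the database-size versus compromise-scope trade-off the table describes.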