HP Cisco MDS 9124 Cisco MDS 9000 Family Storage Media Encryption Configuration
HP Cisco MDS 9124 - Fabric Switch Manual
View all HP Cisco MDS 9124 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP Cisco MDS 9124 manual content summary:
- HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 1
Send documentation comments to [email protected] Cisco MDS 9000 Family Storage Media Encryption Configuration Guide, Release 4.x Cisco MDS NX-OS Release 4.1(3) February 2009 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www. - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 2
ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You Guide, Release 4.x © 2009 Cisco Systems, Inc. - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 3
Interface xvi Intelligent Storage Networking Services Configuration Guides xvi Troubleshooting and Reference xvi Installation and Balancing 1-6 SME Scalability 1-6 Cisco SME Terminology 1-7 Supported Topologies 1-8 Single-Fabric Topology 1-8 In-Service Software Upgrade in Cisco SME 1-9 Software and - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 4
-Redirect 2-17 Installing Smart Card Drivers 2-17 Obtaining and Installing Licenses 2-18 Cisco SME Configuration Overview 2-18 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide ii OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 5
Download Key File 4-12 Standard Security Confirmation and Stored Keyshares 4-13 Advanced Security Confirmation and Stored Keyshares 4-15 Deactivating and Purging a Cisco SME Cluster 4-20 OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 6
Switch Cluster Scenarios 4-31 Three-Switch Cluster Scenarios 4-32 Four-Switch Cluster Scenarios 4-33 In-Service Software Upgrade (ISSU) in a Two-Node Cluster 4-33 5 C H A P Modes 6-3 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide iv OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 7
Relationships 16 Removing Remote Replication Relationships 18 Basic Mode Master Key Download 6-19 Replacing Smart Cards 6-22 Standard Mode 6-22 Advanced and Disabling SME Clustering 7-2 Enabling and Disabling the Cisco SME Service 7-2 Creating the SME Interface 7-2 Deleting the SME Interface 7-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 8
SME Cluster 9-4 Reassigning the Cisco SME Cluster Master Switch 9-5 Troubleshooting General Issues 9-7 Troubleshooting Scenarios 9-7 A A P P E N D I X Cisco SME CLI Commands A-1 SME Commands A-1 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide vi OL-18091-01, Cisco MDS NX-OS - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 9
F-3 Communication F-3 Preinstallation Requirements F-4 Preconfiguration Tasks F-4 Installing Fabric Manager F-4 Configuring CFS Regions For FC-Redirect F-5 Enabling Cisco SME Services F-5 Assigning Cisco SME Roles and Users F-6 OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 10
@cisco.com Creating Cisco SME Fabrics F-6 Installing SSL Certificates F-6 Provisioning Cisco SME F-7 G A P P E N D I X Migrating Cisco SME Database Tables G-1 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide viii OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 11
/ps5989/prod_release_notes_list.html Table 1 summarizes the new and changed features as described in the Cisco MDS 9000 Family Storage Media Encryption Configuration Guide, each supported Cisco MDS SAN-OS release and NX-OS release for the Cisco MDS 9500 Series, with the latest release first. The - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 12
" Troubleshooting scenarios Two troubleshooting scenarios added. 4.1(3) Chapter 9, "Cisco SME Troubleshooting" Chapter 1, "Product Overview" FC-Redirect and CFS Regions Support for CFS Regions and Cisco 4.1(1c) Chapter 2, "Getting Configuration Guide x OL-18091-01, Cisco MDS NX-OS - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 13
Balancing Clustering offers target-based load 3.3(1c) Chapter 1, "Product balancing of Cisco SME services. Overview" Enabling Clustering Using Fabric Manager Change in Command Users can select enable to MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide xi - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 14
" Describes how to back up and restore Fabric Manager Server databases. 3.3(1c) Appendix E, "Database Backup and Restore" Cisco MDS 9000 Family Storage Media Encryption Configuration Guide xii OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 15
, and conventions of the Cisco MDS 9000 Family Storage Media Encryption Configuration Guide. The preface also provides information on how to obtain related documentation. Audience This guide is for experienced network administrators who are responsible for planning, installing, configuring - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 16
E Appendix F Appendix G Title Description Cisco SME Troubleshooting Describes basic troubleshooting methods used to resolve issues with Cisco SME. references to material not covered in the manual. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide xiv OL-18091-01, Cisco MDS NX - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 17
Software Compatibility Information • Cisco MDS 9000 Family Interoperability Support Matrix • Cisco MDS Storage Services Module Interoperability Support Matrix • Cisco MDS NX-OS Release Compatibility Matrix for Storage Service Interface Images Regulatory Compliance and Safety Information • Regulatory - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 18
Family Command Reference Intelligent Storage Networking Services Configuration Guides • Cisco MDS 9000 Family Data Mobility Manager Configuration Guide • Cisco MDS 9000 Family Secure Erase Configuration Guide - For Cisco MDS 9500 and 9200 Series Troubleshooting and Reference • Cisco MDS 9000 Family - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 19
Cisco Storage Media Encryption The Cisco SME solution is a comprehensive network-integrated encryption service with enterprise-class key management that works transparently with existing and new SANs. Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 1-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 20
Features, page 1-2 • Cisco SME Terminology, page 1-7 • Supported Topologies, page 1-8 • In-Service Software Upgrade in Cisco SME, page 1-9 Cisco Storage Media • SME Scalability, page 1-6 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 1-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 21
Cisco Storage Media Encryption Send documentation comments to [email protected] Transparent Fabric Service Cisco employs a Fibre Channel redirect scheme that automatically redirects the traffic flow to -OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 1-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 22
AAA mechanisms. The Cisco KMC provides dedicated key management for Cisco SME, with support for single and multisite deployments. The Cisco KMC performs key management operations. The Cisco 9000 Family Storage Media Encryption Configuration Guide 1-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 23
load balancing, failover capabilities, and a single point of management. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 1-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 24
target-based load balancing of Cisco SME application services. The cluster infrastructure allows the Cisco SME overhead and maximizing the overall throughput: • The SME application supports the batching of messages where messages of the same type Guide 1-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 25
of recovery officers are required to execute this operation. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 1-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 26
comments to [email protected] Supported Topologies Cisco SME supports a single-fabric topology. The any host and tape on the fabric can utilize the Cisco SME services. Required Cisco SME engines are included in the following Cisco products Guide 1-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 27
3.2(2c) or later, or Cisco NX-OS 4.x. Encryption and compression services are transparent to the hosts and storage devices. These services are available for devices in any virtual SANs (VSANs) in a physical NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 1-9 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 28
hardware and installing required hardware, refer to the specific installation guides. For information about ordering hardware, refer to http://www. 2-, and 4-Gbps Fibre Channel ports and four Gigabit Ethernet IP services ports. The MSM-18/4 module provides multiprotocol capabilities such as Fibre - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 29
9000 Family Switching and Services Modules. For additional information, refer to the Cisco MDS 9200 Series Hardware Installation Guide. Note The Cisco MDS 9020 switch Note Tape devices and tape libraries are not supported in these edge switches. OL-18091-01, Cisco MDS NX-OS Release - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 30
reader is attached. Note The smart card reader is supported on Windows-only platforms. Cisco SME Prerequisites This section For information on zoning, refer to the Cisco MDS 9000 Family CLI Configuration Guide. FC-Redirect Requirements FC-Redirect requirements include the following: • The MDS - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 31
and tape devices should not be part of an IVR zone set. • Advanced zoning capabilities like quality of service (QoS), logical unit number (LUN) zoning, and read-only LUNs must not be used for FC-Redirect MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 1-13 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 32
Cisco Storage Media Encryption Security Overview Chapter 1 Product Overview Send documentation comments to [email protected] 1-14 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 33
a computer that you want to use to provide centralized MDS management services and performance monitoring. The Cisco Key Management Center (Cisco KMC) is can download Fabric Manager. For information on installing Fabric Manager, see the Cisco MDS 9000 Family Fabric Manager Configuration Guide. For - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 34
9000 Family devices and third-party switches. Note Cisco SME configuration is supported in Fabric Manager Web Client only. • Fabric Manager Server-Must be Fabric Manager, refer to the Cisco MDS 9000 Fabric Manager Configuration Guide. Command Line Interface With the CLI, you can type commands at - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 35
To enable clustering using Fabric Manager, follow these steps: OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 2-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 36
enable. The default is noSelection. Note You can select enable on multiple switches, and then click Apply. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 2-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 37
column drop-down menu, select enable. Step 4 Click Apply. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 2-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 38
switch. Step 3 From the drop-down menu in the Command column, select enable. The default is noSelection. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 2-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 39
. From the Action column drop-down menu, select enable. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 2-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 40
IP address with all IP commands, such as ping, telnet, upload, and download. You must decide to use DNS completely or to use IP addresses fully DNS, refer to the "Configuring IP Services" chapter in the Cisco MDS 9000 Family CLI Configuration Guide. To verify that DNS is enabled everywhere - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 41
you can use sme.useIP. For information about sme.useIP, see Chapter 9, "Cisco SME Troubleshooting." IP Access Lists for the Management Interface Cluster communication requires the user of the Management interface -OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 2-9 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 42
the user login and password information and smart card pin. • Master key recovery • Replace smart card 2-10 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 43
Cisco SME Roles Using Fabric Manager For detailed information on creating and assigning roles, refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide. Note Cisco SME role names must begin with "sme". For example, valid role names could be sme-admin, sme-recovery, or sme-admin-vsan1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 44
and Assigning Cisco SME Roles Using the CLI For detailed information on creating and assigning roles, refer to the Cisco MDS 9000 Family CLI Configuration Guide. To create a Cisco SME role or to modify the profile for an existing Cisco SME role, follow these steps: Step 1 Step 2 Step 3 Step 4 Step - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 45
installation information in the Cisco MDS 9000 Family Fabric Manager Configuration Guide. Adding a Fabric and Changing the Fabric Name You need to Cisco MDS SAN-OS Release 3.2(2c) or later, or Cisco NX-OS 4.x supports one cluster per switch. You will want to consider this during your planning. To - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 46
with a different seed switch, the fabric name will remain the same. If you do not manually change the fabric name and you reopen the fabric with a different seed switch, the fabric may Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 47
the main screen and view the new fabric name. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 2-15 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 48
installation as a Cisco key manager c. Select RSA if you want to choose the RSA key manager. 2-16 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 49
Regions The Fibre Channel redirect (FC-Redirect) feature uses Cisco Fabric Services (CFS) regions to distribute the FC-redirect configuration. By default, about CFS regions, refer to Cisco MDS 9000 Family CLI Configuration Guide. Guidelines for Designing CFS Regions For FC-Redirect To design CFS - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 50
drivers. You can find the Download link on the Fabric Manager Web Client. Note The smart card reader is only supported on Windows platforms. Obtaining the licensing chapter in the Cisco MDS 9000 Family CLI Configuration Guide. Cisco SME Configuration Overview Before configuring Cisco SME on your - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 51
Restrictions, page 2-20 • Cisco SME Configuration Limits, page 2-20 FICON Restriction Cisco SME is not supported on FICON devices and Cisco SME cluster devices cannot be part of a FICON VSAN. iSCSI Restriction OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 2-19 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 52
Send documentation comments to [email protected] FC-Redirect Restrictions FC-Redirect is not supported on the following switches: • Cisco MDS 9120 switch • Cisco MDS 9140 switch 20 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 53
Manager. For information on configuring and starting Cisco SME interfaces using the CLI, refer to the Cisco MDS 9000 Family CLI Configuration Guide. After completing the preliminary tasks described in Chapter 2, "Getting Started," you need to configure the Cisco SME interface on a Cisco MDS switch - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 54
click Create. Step 6 Open the Fabric Manager Web Client window to view the configured Cisco SME interfaces. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 3-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 55
interfaces or switches as described by the following scenario. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 3-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 56
switches and interfaces already configured in the cluster. Step 2 Click Add to display the Add Interface Wizard. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 3-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 57
interfaces that you would like to use. Click Next. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 3-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 58
, 0 incorrect read 38294 incompressible, 6 bad target responses last error at Fri Oct 26 15:04:52 2007 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 3-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 59
. Step 4 View the notification that the interface was removed. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 3-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 60
part of the cluster. Select the switch and click Remove. Step 3 Click OK to delete the switch. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 3-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 61
. Note The interface and the node are both removed. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 3-9 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 62
Deleting Switches From a Cisco SME Cluster Chapter 3 Cisco SME Interface Configuration Send documentation comments to [email protected] 3-10 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 63
Using Device Manager, page 4-29 • Cluster Quorum and Master Switch Election Overview, page 4-30 • In-Service Software Upgrade (ISSU) in a Two-Node Cluster, page 4-33 About SME Cluster Management An SME cluster NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 64
Settings, page 4-10 • Confirming the Cluster Creation, page 4-11 • Downloading Key File and Storing Keyshares, page 4-12 Launching Cisco SME Wizard To Fabric Manager Configuration Guide. . Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-2 OL-18091-01, Cisco MDS NX-OS - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 65
Cluster names must not contain spaces or special characters. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 66
about adding interfaces, see Chapter 3, "Cisco SME Interface Configuration." Note Cisco MDS SAN-OS Release 3.2(2c) or later, or Cisco NX-OS 4.x supports one cluster per switch. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 67
, page 4-6 • Selecting Standard Security, page 4-6 • Selecting Advanced Security, page 4-7 OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 68
, one Cisco SME Recovery Officer must be present to log in and enter the smart card PIN. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 69
card if the card has not been previously initialized. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 70
settings and definitions. For additional information on media key settings, see "Key Management Settings" section on page 6-4. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 71
, see the "Choosing High Availability Settings" section on page 6-5. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-9 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 72
. If enabled, specify the Trust Point from the drop-down menu. For more information about Trust Points, see the Cisco MDS 9000 Family CLI Configuration Guide. To enable Transport settings, select On. If On is selected in the Transport Setting, SSL is enabled on KMC with the following results: • New - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 73
is in progress until the entire configuration is applied. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-11 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 74
Downloading Key File and Storing Keyshares This section describes how to download level. • Basic Security Download Key File, page 4-12 Keyshares, page 4-15 Basic Security Download Key File For the basic security level to confirm it. Click Download. Step 2 A File Download screen prompts you to - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 75
were defined during the smart card initialization. Click Next. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-13 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 76
Close to return to the Fabric Manager Web Client and to view the smart card information. 4-14 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 77
the Confirmation screen, click Confirm to create the cluster. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-15 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 78
smart card. The PIN number and label were defined during the smart card initialization. Click Next. 4-16 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 79
PIN information for the second recovery officer. Click Next. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-17 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 80
Next. Step 7 Enter the switch credentials and PIN information for the fourth recovery officer. Click Next. 4-18 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 81
Manager Web Client to view the smart card information. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-19 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 82
can only purge a cluster that is in the deactivated state. This section covers the following topics: 4-20 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 83
view the notification that the cluster has been deactivated. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-21 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 84
4 Refresh the Fabric Manager Web Client to view the notification that the cluster has been purged. 4-22 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 85
switches and is reachable from the Fabric Manager Server. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-23 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 86
to display the cluster detail page. The transport settings details are displayed when SSL is selected. 4-24 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 87
settings in the cluster detail page by clicking Modify. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-25 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 88
SSL and choose a Trust Point from the drop-down menu. Click Apply to save the settings. 4-26 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 89
view the notification that the cluster has been modified. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-27 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 90
pane, select End Devices > SME Clusters. Step 2 Click the Members tab to view members in a cluster. 4-28 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 91
, and whether or not the cluster/fabric is local. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-29 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 92
View The cluster view is the set of switches that are part of the operational cluster. 4-30 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 93
the master (the master has the lower node ID). OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-31 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 94
. You may be required to follow the recovery procedures described in Chapter 9, "Cisco SME Troubleshooting" to bring S2 back into the cluster. Caution It is critical that you save the running Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 95
required to follow the recovery procedures described in Chapter 9, "Cisco SME Troubleshooting" to bring this switch back into the cluster. Caution It is allows you to deploy bug fixes and add new features and services without any disruption to the traffic. In a cluster comprising of Guide 4-33 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 96
In-Service Software Upgrade (ISSU) in a Two-Node Cluster Chapter 4 Cisco SME Cluster Management Send documentation comments to mdsfeedback- no additional commands need to be executed. 4-34 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 97
filter information in a volume group by specifying a barcode range. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 98
an active Cisco SME environment. Note Messages are logged to the switch when the tapes bypass encryption. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 99
used for preprovisioning. You can specify the devices later. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 100
the tape group. Click Next. Step 4 Select the hosts (backup servers) for the tape group. Click Next. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 101
will refresh to the Fabric Manger Server SME screen. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 102
part of the cluster. Select a tape group and click Remove. Click OK to delete the tape group. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 103
you would like to discover paths from. Click Next. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 104
that you would like to discover paths from. Click Next. Step 4 Select the tape drives. Click Next. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 105
to return to the Fabric Manager Server SME screen. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-9 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 106
to delete the tape device. Step 4 View the notification that the tape drive has been removed. 5-10 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 107
a tape device, follow these steps: Step 1 Select a tape device. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-11 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 108
the appropriate fabric and enter the VSAN, initiator and target WWNs, and the LUN. Click Next. 5-12 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 109
path and to view the tape path removed notification. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-13 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 110
there is not a direct match, then the volumes will be placed in the default volume group. 5-14 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 111
exporting volume groups, see Chapter 6, "Cisco SME Key Management." OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-15 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 112
. Step 3 Click OK to delete the tape volume group and to view the volume group notification. 5-16 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 113
device details, select a tape device in the navigation pane. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 5-17 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 114
Viewing Tape Device Details Chapter 5 Cisco SME Tape Configuration Send documentation comments to [email protected] 5-18 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 115
addition, unique tape keys can be stored directly on the tape cartridge. The keys are identified across the system by a globally unique identifier (GUID). The Cisco SME key management system includes the following types of keys: • Master key • Tape volume group keys • Tape volume keys Every backup - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 116
key. Considering that a single fabric can host more than one cluster, for example, to support the needs of multiple business groups within the same organization, there will be as many master MDS 9000 Family Storage Media Encryption Configuration Guide 6-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 117
that could be used to recover the master key. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 118
are encrypted by the tape volume group wrap key. Cisco KMC key database- Increases scalability to support a large number of tape volumes by reducing the size of the Cisco KMC key database. Only MDS 9000 Family Storage Media Encryption Configuration Guide 6-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 119
and specify the IP address of the primary server. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 120
Step 4 Click OK to save the settings to view the notification that the settings have been saved. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 121
page 6-14 • Auto Key Replication of Keys Across Data Centers, page 6-15 • Basic Mode Master Key Download, page 6-19 • Replacing Smart Cards, page 6-22 • Exporting Volume Groups From Archived Clusters, page 6-33 NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 122
mode; you will see only the shared key. Click the Active tab to view all active keys. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 123
3 Click the Deactivated tab to view all keys that have been marked as deactivated and stored in the Cisco KMC. You can view the barcode, GUID (the unique key identifier generated by the switch), deactivated date, and version (the version of the tape key generated for the same barcode). Purging - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 124
the cluster. Select a volume group. Click Export. Step 4 Enter the volume group file password. Click Next. 6-10 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 125
Chapter 6 Cisco SME Key Management Key Management Operations Send documentation comments to [email protected] Step 5 Click Download to download the volume group file. Step 6 Save the .dat file. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 126
. To import into a new volume group, create the volume group first, and then import a volume group. 6-12 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 127
. I Step 4 Select the volume group .dat file. Click Open. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-13 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 128
Volume Groups to display the volume groups in the cluster. Select one or more volume groups. 6-14 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 129
to one or more clusters. The automated process of replicating keys eliminates the need for the manual key export and import procedures. The media key auto-replication is configured on per tape volume group OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-15 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 130
to display the clusters. Select a cluster and select Remote Replication. The Remote Replication Relationships pane appears. 6-16 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 131
replication relationship and the replication status shows as Created. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-17 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 132
needs to be removed. Click OK to remove the replication relationship of the selected volume groups. 6-18 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 133
Key Download In Basic security mode, the master key file can be downloaded multiple detail view includes a button to download the master key file. To download the master key file (Basic security cluster details. Step 2 Click the Download Master Key button to download the master key file. OL-18091- - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 134
Management Send documentation comments to [email protected] Step 3 Enter the password to protect the master key file. Click Download to begin downloading the encrypted file. 6-20 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 135
Management Key Management Operations Send documentation comments to [email protected] Step 4 Click Close to close the wizard. Step 5 Click Save to save the downloaded master key file. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 136
• Advanced Mode, page 6-24 Standard Mode In Standard security mode, the master key can be downloaded to a replacement smart card from the Fabric Manager Web Client. To replace a smart card ( Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 137
Chapter 6 Cisco SME Key Management Key Management Operations Send documentation comments to [email protected] Step 4 Click Finish to close the wizard. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-23 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 138
Replace to launch the smart card replacement wizard. Step 3 Insert the new smart card. Click Next. 6-24 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 139
Officer who owns the replacement smart card is prompted to log in and to insert the smart card to download the master key. Enter the switch login information and the smart card PIN and label. Click Next. NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-25 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 140
Next. ) Step 6 Enter the switch login information and the smart card PIN and label. Click Next. 6-26 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 141
belonging to each recovery officer in any random order. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-27 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 142
identify the smart card. Click Next. A notification is shown that the first keyshare is successfully stored. 6-28 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 143
PIN information for the third recovery officer. Click Next. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-29 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 144
the fourth recovery officer. Click Next. A notification is shown that the fourth keyshare is successfully stored. 6-30 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 145
Next to begin the automatic synchronization of volume groups. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-31 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 146
Close to return to the Fabric Manager Web Client and to view the smart card information. 6-32 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 147
display the volume groups in the cluster. Click Export. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-33 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 148
to locate the volume group master key file. Step 3 Select the master key file. Click Open. 6-34 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 149
be used to encrypt the exported file. Click Next. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-35 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 150
Key Management Send documentation comments to [email protected] Step 6 Click Download to begin downloading the volume group file. Step 7 To save the exported volume group, 6-36 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 151
3 Enter the smart card PIN and label. Click Next. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-37 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 152
Send documentation comments to [email protected] Step 4 Enter the password to encrypt the volume group file. Click Next. Step 5 Click Download to begin downloading the file. 6-38 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 153
in the cluster. Select a volume group and click Export. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-39 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 154
. Click Next. Step 3 Enter the smart card PIN and label. Click Next. The keyshare is retrieved. 6-40 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 155
. Step 6 Enter the volume group file password. Click Next. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-41 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 156
Key Management Operations Chapter 6 Cisco SME Key Management Send documentation comments to [email protected] Step 7 Click Download to begin downloading the volume group. 6-42 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 157
accounting pattern is displayed based on the selected pattern. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-43 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 158
an operation depends upon the resulting status of the operation and/or other criteria documented below. 6-44 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 159
and STATUS for the operation. Details: QUERY PARAMETER: Guid SUCCESS: "GUID: " FAILURE: "GUID: " QUERY PARAMETER: Cloned from Guid SUCCESS: "Cloned from GUID: " FAILURE: "Cloned from GUID: " Operation: ARCHIVE_KEY Logged as: "Archive key" Description: A key - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 160
Logged as: "Purge key" Description: A key and references to it are removed from the keystore. Details: SUCCESS: "GUID: " FAILURE: "GUID: error: " Operation: DELETE_ALL_TAPE_VOLUME_KEYS Logged as: "Delete Tape Volume Keys" Description: All tape volume keys for the - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 161
new master key. Details: INITIATED: "" SUCCESS: "" FAILURE: "error: " OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-47 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 162
>" FAILURE: "share index: smartcard label: smartcard serial number: GUID: error: " Operation: REKEY_CLONE_WRAP_KEYS Logged as: "Clone tape volume- group wrap keys" Description: Part of Master Key re-key involves cloning wrap - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 163
keys in the RSA Key Manager are also purged. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 6-49 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 164
Migrating a KMC Server Chapter 6 Cisco SME Key Management Send documentation comments to [email protected] 6-50 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 165
Tasks, page 7-1 • Enabling and Disabling SME Clustering, page 7-2 • Enabling and Disabling the Cisco SME Service, page 7-2 • Creating the SME Interface, page 7-2 • Deleting the SME Interface, page 7-3 • NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 7-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 166
g. Specify the password to encrypt the master key and download the key file. Enabling and Disabling SME Clustering The first of configuring Cisco SME is to enable the SME service. To enable the SME service, follow these steps: Step 1 Step 2 Step Guide 7-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 167
mode • Recovery • Shared key mode • Shutdown cluster for recovery OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 7-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 168
set the SME cluster security level, follow these steps: Step 1 Command switch# config t Purpose Enters configuration mode. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 7-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 169
. Specifies the cluster and enters SME cluster configuration submode. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 7-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 170
switch(config-sme-cl)# Purpose Enters configuration mode. Specifies the cluster and enters SME cluster configuration submode. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 7-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 171
. Enables the key-on-tape feature. Disables tape compression. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 7-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 172
Cluster status is online Total Nodes are 1 Recovery Scheme is 1 out of 1 Fabric[0] is f1 CKMC server has not been provisioned Master Key GUID is 8c57a8d82d2098ee-3b27-6c2b116a950e, Version: 0 Shared Key Mode is Enabled Auto Vol Group is Not Enabled Cisco MDS 9000 Family Storage Media Encryption - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 173
sample output of the show sme cluster key command follows: switch# show sme cluster clustername1 key database Key Type is tape volumegroup shared key GUID is 3b6295e111de8a93-e3f9-e4ae372b1626 Cluster is clustername1, Tape backup group is HR1 OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 174
Line Interface to Configure SME Send documentation comments to [email protected] Tape volumegroup is Default Key Type is tape volumegroup wrap key GUID is 3e9ef70e0185bb3c-ad12-c4e489069634 Cluster is clustername1, Tape backup group is HR1 Tape volumegroup is Default Key Type is master key - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 175
information about tape cartridges. switch# show sme cluster clustername1 tape detail Tape 1 is online Is a Tape Drive HP Ultrium 2-SCSI Serial Number is 2b10c2e22f Is a member of HR1 Paths Host 10:00:00:00:c9:4e -OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 7-11 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 176
: new role Vsan policy: permit (default) Rule Type Command-type Feature 1 permit config sme-recovery-officer 7-12 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 177
can avoid problems when Troubleshooting Guide Troubleshoot any new configuration changes after implementing the change. • Save all configuration changes on all switches in the cluster for correct cluster operation. • When designing your backup environment, consider that Cisco SAN-OS or NX-OS supports - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 178
[email protected] • Refer to the Cisco Storage Media Encryption Design Guide for guidelines on sizing and placements of Cisco SME interfaces. Cisco KMC and Device Manager to proactively manage your fabric and detect possible problems before they become critical. Note For details on SME sizing - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 179
area network (SAN) using the Cisco MDS 9000 Family of switches. The Cisco MDS 9000 Family Troubleshooting Guide introduces tools and methodologies that are used to recognize a problem, determine its cause, and find possible solutions. Cluster Recovery Scenarios This section includes information on - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 180
Cluster Recovery Scenarios Chapter 9 Cisco SME Troubleshooting Send documentation comments to [email protected] Note The Cisco SME cluster can lead to data corruption. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 9-2 OL-18091-01 Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 181
Chapter 9 Cisco SME Troubleshooting Cluster Recovery Scenarios Send documentation comments to [email protected] On the offline switch (switch2), shut down the offline switch. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 9-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 182
Cluster Recovery Scenarios Chapter 9 Cisco SME Troubleshooting Send documentation comments to [email protected] On the cluster master switch procedure for every offline switch. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 9-4 OL-18091-01 Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 183
Chapter 9 Cisco SME Troubleshooting Cluster Recovery Scenarios Send documentation comments to [email protected] On switch1, shut down the cluster by performing this switch. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 9-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 184
Cluster Recovery Scenarios Chapter 9 Cisco SME Troubleshooting Send documentation comments to [email protected] On switch2, shut down the cluster by master switch: switch2. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 9-6 OL-18091-01 Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 185
Other types of characters will cause problems in the cluster configuration. Troubleshooting Scenarios The following scenarios are described in a cluster, page 9-8 • If you need to contact your customer support representative or Cisco TAC, page 9-9 • A syslog message is displayed when Guide 9-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 186
9 Cisco SME Troubleshooting Send documentation comments to the "no paths found" message is displayed, enter the show tech and show tech-support sme command. Newly added tape drives are not showing in a cluster If you add Encryption Configuration Guide 9-8 OL-18091-01 Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 187
Troubleshooting Troubleshooting Scenarios Send documentation comments to [email protected] If you need to contact your customer support representative or Cisco TAC At some point, you may need to contact your customer support contacting your support organization. You should manually remove - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 188
Troubleshooting Scenarios Chapter 9 Cisco SME Troubleshooting Send documentation comments to [email protected] 9-10 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01 Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 189
the appropriate mode for each command. For more information, refer to the "Command Modes" section of the Cisco MDS 9000 Family CLI Configuration Guide. SME Commands This appendix contains an alphabetical listing of commands that are unique to the Cisco SME features. OL-18091-01, Cisco MDS NX - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 190
-volgrp switch(config-sme-cl)# Related Commands Command show sme cluster Description Displays Cisco SME cluster information. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 191
enables the host server to talk to the storage array, which directly bypasses the individual Intelligent Service Applications (ISAs), and causes data corruption. You must use this command only as the last option -OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 192
enable switch(config)# Related Commands Command show sme cluster Description Displays information about the Cisco SME cluster. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 193
the system output from the debug sme all command: OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 194
Commands Command no debug all show sme Description Disables all debugging. Displays all information about Cisco SME. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 195
cluster Description Displays information about the Cisco SME cluster. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 196
sme cluster clustername1 tape detail Tape t1 is online Is a Tape Drive Model is HP Ultrium 2-SCSI Serial Number is HUM4A00184 Is configured as tape device b1 in tape group , 0.00 KB/sec Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 197
, 0 authentication 0 key generation, 0 incorrect read 0 incompressible, 0 bad target responses OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-9 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 198
)# fabric sw-xyz Related Commands Command show sme cluster Description Displays information about Cisco SME cluster. A-10 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 199
a cluster. Displays interface information. Enables or disables an interface. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-11 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 200
-redirect version2 enable Please make sure to read and understand the following implications before proceeding further: A-12 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 201
enable mode Description Disables version2 mode in FC-Redirect. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-13 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 202
Examples The following example shows how to enable clustering and configure Cisco SME services: switch# config terminal switch(config)# feature cluster switch(config)# feature sme . A-14 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 203
To use this command, clustering must be enabled using the feature cluster command and Cisco SME services must be activated using the feature sme command. Once you have configured the interface, use the MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-15 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 204
use this command, clustering must be enabled using the feature cluster command and Cisco SME services must be activated using the feature sme command. To delete the Cisco SME interface, first Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 205
the node to a fabric. Displays Cisco SME interface details. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-17 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 206
encrypted security keys to be stored on the backup tapes. Note This feature is supported only for unique keys. Before using this command, automatic volume grouping should be disabled A-18 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 207
information about cluster key database. Displays information about tapes. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-19 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 208
the SME interface: switch# config t switch(config)# interface sme 4/1 switch(config-if)# no link-state-trap A-20 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 209
Command show sme cluster OL-18091-01, Cisco MDS NX-OS Release 4.x Description Displays Cisco SME information. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-21 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 210
Command Description show sme cluster node Displays Cisco SME node information about a local or remote switch. A-22 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 211
exporting volume groups, see Chapter 6, "Cisco SME Key Management." OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-23 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 212
: Elapsed 0:3:39.28, Read 453.07 MB, 2.07 MB/s, Write 2148.27 MB, 9.80 MB/s Done A-24 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 213
. Configures crypto backup group. Configures crypto backup volume group. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-25 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 214
t switch(config)# sme cluster c1 switch(config-sme-cl)# scaling batch enable switch(config-sme-cl)# A-26 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 215
sme cluster Description Displays information about the security settings. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-27 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 216
done. Related Commands Command show role Description Displays information about the various Cisco SME role configurations. A-28 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 217
show sme cluster Description Displays Cisco SME cluster information. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-29 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 218
on ILC_HELPER info debugging is on Related Commands Commands debug sme Description Debugs Cisco SME features. A-30 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 219
OS 3.2(1) image (supporting FC-Redirect) to an older image where FC-Redirect is not supported. • Decommissioning a switch: switch# show fc-redirect active-configs Config#1 ========== Appl UUID = 0x00D8 (ISAPI CFGD Service) SSM Slot = 2 SSM Switch WWN = 20:00:00:05:30:00:90:9e Configuration Guide A-31 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 220
Cisco SME CLI Commands Send documentation comments to [email protected] ========== Appl UUID = 0x00D8 (ISAPI CFGD Service) SSM Slot = 2 SSM Switch WWN = 20:00:00:0d:EC:20:13:00 (REMOTE) MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 221
8b:0d:12:c6 VI PWWN = 2f:ec:00:05:30:00:71:61 Config#2 ========== Appl UUID = 0x00D8 (ISAPI CFGD Service) SSM Slot = 2 SSM Switch WWN = 20:00:00:05:30:00:90:9e (LOCAL) Vt PWWN = 2f:ea: 01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-33 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 222
was introduced. Usage Guidelines This command is used for verifying the fabric state and for troubleshooting. Note To find the switch IP address for the list of switch WWNs, use the A-34 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 223
Description Clears the active configurations on the local switch. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-35 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 224
KB/sec clear 0 bytes, encrypt 0 bytes, decrypt 0 compress 0 bytes, decompress 0 bytes compression ratio 0:0 flows 0 encrypt, 0 clear A-36 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 225
Description Configures the Cisco SME interface on the switch. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-37 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 226
Feature 1 permit show sme-stg-admin 2 permit config sme-stg-admin 3 permit debug sme-stg-admin A-38 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 227
the Cisco SME administrator and Cisco SME recovery roles. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-39 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 228
SME cluster. Shows the Cisco SME cluster key database. Shows the Cisco SME cluster key database details Displays Cisco SME cluster key database guid. The maximum length is 64. Displays Cisco SME cluster key database summary. Displays the load balancing status of the cluster. Displays the logical - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 229
Scheme is 2 out of 5 Fabric[0] is Fabric_name-excal10 KMC server 10.21.113.117:8800 is provisioned, connection state is initializing Master Key GUID is 10af119cfd79c17f-ee568878c049f94d, Version: 0 Shared Key Mode is Not Enabled Auto Vol Group is Not Enabled Tape Compression is Not Enabled Tape Key - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 230
clear sme show sme cluster Description Clears Cisco SME configuration. Displays information about Cisco SME cluster. A-42 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 231
SME configuration. Displays all information of Cisco SME cluster. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-43 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 232
. Examples The following example displays the information for SME technical support: sw-sme-n1# show tech-support sme 'show startup-config' version 4.1(1b) username admin password -- A-44 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 233
sme Description Displays information about the Cisco SME interface. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-45 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 234
Use the shutdown command for cluster recovery. See the Chapter 9, "Cisco SME Troubleshooting" for additional details about recovery scenarios. Examples The following example restarts the Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 235
Send documentation comments to [email protected] sme To enable or disable the Cisco SME services, use the sme command. sme {cluster name | transport ssl trustpoint trustpoint label} Syntax Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-47 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 236
example enables SSL: switch# config t switch(config)# sme cluster c1 switch(config-sme-cl)# ssl kmc A-48 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 237
SME configuration. Displays information about the Cisco SME cluster. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-49 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 238
information about the Cisco SME cluster. Displays information about all tape volume groups or a specific group. A-50 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 239
information about all tape volume groups or a specific group. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-51 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 240
sme show sme cluster Description Clears Cisco SME configuration. Displays information about the Cisco SME cluster. A-52 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 241
Description Clears Cisco SME configuration. Displays information about tapes. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-53 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 242
following example configures a Cisco SME RSCN suppression timer value: switch# config t switch(config))# sme cluster c1 A-54 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 243
-sme-cl)# tune-timer rscn_suppression_timer 2 switch(config-sme-cl)# OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide A-55 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 244
tune-timer Appendix A Cisco SME CLI Commands Send documentation comments to [email protected] A-56 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 245
Recovery in Cisco SME The Cisco SME solution provides seamless encryption service through a hardware-based encryption engine. However, when the MSM-18 data back to the tape volumes. Figure B-1 shows the topology supported by the Offline Data Restore Tool (ODRT). Figure B-1 Offline Data Guide B-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 246
information about the odrt.bin command, see Appendix A, "Cisco SME CLI Commands." Note The Offline Data Restore Tool (ODRT) is currently supported only in Red Hat Enterprise Linux 5. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide B-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 247
be encrypted before transmission and provides security. Many application servers and Web servers support the use of keystores for SSL configuration. This appendix also includes information on how -01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 248
:EA:82:08:67:FB:90:7D:58:EB Do you accept this certificate? [yes/no]:yes Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 249
for all the switches in this Fabric Manager server. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 250
.tcl [r] [k] [s] [a] [h] r Generate Root CA certificate k Generate KMC server certificate s Generate Switch certificate and configure switch trust point Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 251
/server/default/conf/fmtrust.jks Go to /bin OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 252
. Step 2 Click the SME tab and select the Key Manager Settings. The Key Manager Settings window displays. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 253
SSL is enabled on KMC with the following results: OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 254
as none until the cluster is updated. For more information, refer to Selecting Transport Settings, page 4-10. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 255
to select RSA as the key manager for Cisco SME and then create a cluster. Installing the RKM Application To install the RKM application, follow the instructions provided in the RSA Install Guide. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 256
client.csr file. This is the owner. The common name must be different from the issuer home. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 257
to be sent with your certificate request A challenge password []: OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 258
-deststoretype JKS Place these keystore files in the mds9000/conf/cert directory and restart Fabric Manager server. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 259
the Identities tab. Click Create to create a new identity. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-5 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 260
, follow these steps: Step 1 Select Key Manager Settings and click RSA. The RSA settings fields are displayed. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-6 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 261
settings are saved, you cannot change the Key Manager. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 262
been previously tested to help ensure the correct restoration of the keys in case any problems arise during migration. Export all volume group keys in the cluster. Each volume group . Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 263
same state (active or deactivated) as before the migration. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide D-9 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 264
Migrating From Cisco KMC to RKM Appendix D RSA Key Manager and Cisco SME Send documentation comments to [email protected] D-10 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 265
run the pg_dump command to back up the database. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide E-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 266
key rekey operation, make a backup of the database and discard the copies of the previous database backup. Cisco MDS 9000 Family Storage Media Encryption Configuration Guide E-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 267
application, read the requirements and prerequisites for the following services and features: • SAN Considerations, page F-1 • switch vendors. Note Cisco SME is supported on Cisco-only SANs. However, SANs that have switches from other vendors may also be supported on a case-by-case basis. Guide F-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 268
software versions. Refer to the Cisco MDS 9000 Family Interoperability Support Matrix. MSM-18/4 Modules Collect the following information about FC Redirect configuration. Refer to the Cisco Storage Media Encryption Design Guide for details. Note Generation 2 modules are recommended for ISL - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 269
for Fabric Manager server and KMC. - For the server running Windows operating system, download and install OpenSSL from the following locations: http://gnuwin32.sourceforge.net/packages/openssl.htm Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide F-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 270
Before configuring Cisco SME, you need to install the Fabric Manager, enable the services, assign roles and users, create fabrics, install SSL certificates, and then following tasks: Cisco MDS 9000 Family Storage Media Encryption Configuration Guide F-4 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 271
on page 2-12 and Cisco MDS 9000 Family Fabric Manager Configuration Guide. Configuring CFS Regions For FC-Redirect To configure the CFS regions to the "Enabling Clustering" section on page 2-3. • Enable Cisco SME services using either Fabric Manager or Device Manager. For more information, refer - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 272
enable" section on page A-12. Note To learn about enabling these services, refer to Chapter 2, "Getting Started." Assigning Cisco SME Roles and Cisco MDS 9000 Family Fabric Manager Configuration Guide and the Cisco MDS 9000 Family CLI Configuration Guide. Creating Cisco SME Fabrics When creating - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 273
configuration procedures. • Save the running configuration to startup configuration. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide F-7 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 274
Provisioning Cisco SME Appendix F Planning For Cisco SME Installation Send documentation comments to [email protected] Cisco MDS 9000 Family Storage Media Encryption Configuration Guide F-8 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 275
passwords for the source and destination database when prompted. OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide G-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 276
follows: [root@test-vm-236 SMEdbmigrate]# ./smedbmigrate.sh [INFO] File /root/download/SMEdbmigrate/smedbmigration.properties found Please enter the passsword for user admin on source database MDS 9000 Family Storage Media Encryption Configuration Guide G-2 OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 277
create 6-16 remove 6-18 translating media keys 6-15 B Basic security about 4-5, 6-3 downloading key file 4-12 best practices overview 8-1 C CFS requirement 1-13 Changing the Fabric Name 18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide IN-1 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 278
4-29 viewing using Fabric Manager 4-28 command-line interface. See CLI contacting support 9-9 D Device Manager 2-2 DNS alternative 2-9 configuration 9-7 enabling 2-8 E Enabling 1-12 IN-2 Cisco MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 279
N NIST 1-3 O Offline Data Restore Tool about B-1 P purging clusters 4-20 OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide IN-3 - HP Cisco MDS 9124 | Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 280
supported topologies single-fabric 1-8 troubleshooting 9-8 tapes recycling 6-4 tape volume group key 6-2 tape volume key 6-2 translation context 6-15 transparent fabric service 1-3 troubleshooting MDS 9000 Family Storage Media Encryption Configuration Guide OL-18091-01, Cisco MDS NX-OS Release 4.x
Send documentation comments to [email protected]
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco MDS 9000 Family Storage Media
Encryption Configuration Guide, Release
4.x
Cisco MDS NX-OS Release 4.1(3)
February 2009
Text Part Number: OL-18091-01