HP Cisco MDS 9134 Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 67
Selecting Master Key Security Levels, Security Level, Definition
View all HP Cisco MDS 9134 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 67 highlights
Chapter 4 Cisco SME Cluster Management Creating a Cisco SME Cluster Using the Cisco SME Wizard Send documentation comments to [email protected] Selecting Master Key Security Levels There are three master key security levels: Basic, Standard, and Advanced. Standard and Advanced security levels require smart cards. Table 4-1 describes the master key security levels. Caution You cannot modify the cluster security level after a cluster is created. Before confirming the cluster creation, you will be prompted to review the cluster details. At that time, you can return to modify the security level. Note For information on cluster security, see the "Cisco Storage Media Encryption Security Overview" section on page 1-13 and the "Master Key Security Modes" section on page 6-3. Table 4-1 Master Key Security Levels Security Level Basic Standard Advanced Definition The master key is stored in a file and encrypted with a password. To retrieve the master key, you need access to the file and the password. Standard security requires one smart card. When you create a cluster and the master key is generated, you are prompted to insert the smart card into the smart card reader. The master key is then written to the smart card. To retrieve the master key, you need the smart card and the smart card pin. Advanced security requires 5 smart cards. When you create a cluster and select Advanced security mode, you designate the number of smart cards (2 or 3 of 5 smart cards or 2 of 3 smart cards) that are required to recover the master key when data needs to be retrieved. For example, if you specify 2 of 5 smart cards, then you will need 2 of the 5 smart cards to recover the master key. Each smart card is owned by a Cisco SME Recovery Officer. Note The greater the number of required smart cards to recover the master key, the greater the security. However, if smart cards are lost or if they are damaged, this reduces the number of available smart cards that could be used to recover the master key. Note For Basic and Standard security modes, one user should hold the Cisco SME Administrator and the Cisco SME Recovery Officer roles. In the Master Key Security screen, select the cluster security type you wish to use. You can choose any of the following security levels: • Selecting Basic Security, page 4-6 • Selecting Standard Security, page 4-6 • Selecting Advanced Security, page 4-7 OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide 4-5