Cisco Storage Media Encryption

Delivering Encryption as a SAN Service

Cisco MDS 9000 Storage Media Encryption (SME) encrypts data at rest on heterogeneous tape devices, virtual tape libraries, and disk arrays. This innovative Cisco solution is completely integrated with Cisco MDS 9000 switches and Cisco Data Center Network Manager. Use it to deploy and manage highly available encryption services, without rewiring or reconfiguring SANs or installing additional software.

Features and Capabilities

  • Rapid, scalable deployment
  • High availability
  • Comprehensive lifecycle key management
  • Integrated management

Advantages over Competitive Solutions

The Cisco MDS 9000 SME solution delivers:

  • Simple, nondisruptive installation and provisioning
  • No rewiring or SAN reconfiguration
  • Encryption engines integrated on Fibre Channel switching modules
  • Network-integrated encryption of traffic from any virtual SAN (VSAN)
  • Provisioning, key, and user role management without additional software

Further, SME disk signature mode will allow snapshots of an encrypted LUN across key change operations. It will also automatically recognize snapshot that are exposed to the host, based on the media signature.

The Cisco MDS 9000 SME solution includes complete key management that works with new and existing SANs to provide key archival and shredding features. It supports storage features such as replication, clones and mirrors, and snapshots. The key manager database can be replicated with Oracle Data Guard when an Oracle database is used for archiving.

Any VSAN can use the SME solution. Its clustering technology enhances reliability and availability, and supports automated load balancing, failover capabilities, and simplified provisioning.

Specifications at a Glance

Product compatibility

Cisco MDS 9500 Series Multilayer Directors and MDS 9200 Series Multilayer Switches
MSM-18/4 and SSN-16 line cards

For tape drive encryption:
  • Cisco MDS 9000 SAN-OS Software 3.3(1c) or later and NX-OS 4.1(3a) or later
  • Cisco Fabric Manager 3.3(1c) or later and NX-OS 4.1(3a) or later
Software compatibility For disk array encryption:
  • Cisco MDS 9000 NX-OS 5.2(1) or later
  • Cisco Data Center Network Manager (DCNM-SAN) 5.2.(1) or later
For master key rekey:
  • Cisco MDS 9000 NX-OS 5.2(6) or later
  • Simple Network Management Protocol (SNMP) Version 3
  • Secure Shell (SSH) Version 2
  • SSL and Hyper Text Transfer Protocol over SSL
  • RADIUS and TACACS+ authentication protocols
  • RSA
Encryption algorithms
  • RSA
  • AES-256
Approvals and compliance
  • PCI DSS 2.0 standard compliant

Securing Your Data at Rest
View an animated demonstration showing the benefits of Cisco SME.

Additional Resources

Let Us Help