Cisco Key Management Center (KMC) provides essential features such as key archival, secure export and import, and key shredding.
Key management features include the following:
- The master key resides in a password-protected file or on smart cards:
  - If the cluster security mode is set to Basic, the master key resides in the password-protected file.
  - If the cluster security mode is set to Standard, the master key resides on a single smart card, and that same smart card is required to recover the master key.
  - If the cluster security mode is set to Advanced, the master key resides on multiple smart cards. A quorum of those cards (2 of 3, 2 of 5, or 3 of 5, as selected by the user) is required to recover the master key.
- Unique key per tape for an SME tape cluster.
- Unique key per LUN for an SME disk cluster.
- Keys reside in clear text only inside a FIPS boundary.
- Tape keys and intermediate keys are wrapped by the master key and stored in the Cisco KMC.
- Disk keys are wrapped by the cluster master key and stored in the Cisco KMC.
- Option to store tape keys on tape media.
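To make the Advanced-mode quorum concrete, the following is an added example written for this page, not Cisco's code: the Cisco KMC's actual smart-card format and recovery protocol are not described here. It assumes a Shamir secret-sharing split over a prime field, one share per smart card, plus a hypothetical key check value (a truncated SHA-256 of the key) stored alongside the shares so an operator can tell whether the cards presented actually reproduced the master key. It uses only the Python standard library.

```python
"""Quorum recovery of a master key split across smart cards (illustrative).

Added example for this page, in the style of the Advanced cluster security
mode: the master key lives on several smart cards and any quorum of them
(2-of-3, 2-of-5, 3-of-5) rebuilds it.  This is NOT Cisco's code; the Cisco
KMC's real on-card scheme is not documented on this page.  Stdlib only.
"""
import hashlib
import secrets
from typing import List, Tuple

# Arithmetic is done modulo a prime larger than any 256-bit key.
# 2**521 - 1 is a Mersenne prime.
PRIME = (1 << 521) - 1

Share = Tuple[int, int]  # (card number x, share value y)


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k-1]*x**(k-1) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % PRIME
    return acc


def key_check_value(key: bytes) -> str:
    """Hypothetical short hash stored with the shares to verify a recovery.

    It reveals nothing useful about the key, but lets the operator detect that
    too few (or the wrong) cards were presented before the value is used.
    """
    return hashlib.sha256(b"master-key-kcv|" + key).hexdigest()[:16]


def split_master_key(master_key: bytes, quorum: int, cards: int) -> List[Share]:
    """Split master_key into `cards` shares; any `quorum` of them recover it.

    The page's choices are 2-of-3, 2-of-5 and 3-of-5; any 1 < quorum <= cards
    works.  Each share would be written to one smart card.
    """
    if not 1 < quorum <= cards:
        raise ValueError("need 1 < quorum <= cards")
    secret = int.from_bytes(master_key, "big")
    if secret >= PRIME:
        raise ValueError("master key does not fit in the field")
    # Random polynomial of degree quorum-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(quorum - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, cards + 1)]


def recover_master_key(shares: List[Share], key_len: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from the presented shares.

    Fewer shares than the quorum do not fail: they interpolate a different
    polynomial and return garbage.  Always check the result against the stored
    key check value before using it.
    """
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate card presented")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    # A wrong reconstruction is usually ~521 bits wide; widen rather than
    # truncate so the mismatch is visible to the key check value comparison.
    length = max(key_len, (secret.bit_length() + 7) // 8)
    return secret.to_bytes(length, "big")


def recover_and_verify(shares: List[Share], key_len: int, kcv: str) -> bool:
    """True only if the presented cards reproduce a key matching the stored KCV."""
    return key_check_value(recover_master_key(shares, key_len)) == kcv


if __name__ == "__main__":
    # Constructed sample key; a real master key would come from a CSPRNG.
    master = bytes(range(32))
    kcv = key_check_value(master)
    cards = split_master_key(master, quorum=3, cards=5)  # 3-of-5 mode
    print("cards 1,3,5 ->", recover_and_verify([cards[0], cards[2], cards[4]], 32, kcv))
    print("cards 1,2   ->", recover_and_verify(cards[:2], 32, kcv))
```

The design point worth noting is in `recover_master_key`: presenting fewer cards than the quorum is not an error in the arithmetic, it simply yields an unrelated value, which is why a real deployment needs some independent check (here the key check value) before a recovered master key is used to unwrap anything.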
The centralized key lifecycle management includes the following:
- Archive, shred, recover, and distribute media keys.
- End-to-end key management using HTTPS/SSL/SSH.
The Cisco KMC provides dedicated key management for SME, with support for single-site and multisite deployments.
Depending on the deployment requirements, the Cisco KMC is either integrated with DCNM-SAN or installed separately from it.
Single-site operations can be managed with the Cisco KMC integrated in DCNM-SAN. In multisite deployments, a centralized Cisco KMC can be used together with the local DCNM-SAN servers that manage each fabric. This separation makes the KMC more robust and lets SME deployments in different locations share the same Cisco KMC.
Figure 1 shows how the Cisco KMC is separated from DCNM-SAN for a multisite deployment.
A Cisco KMC is configured only in the primary data center and DCNM-SAN
servers are installed in all the data centers to manage the local fabrics and
provision SME. The SME provisioning is performed in each of the data centers
and the tape devices and backup groups in each of the data centers are managed
independently.
Figure 2. Multisite Setup in Cisco KMC
In multisite deployments where the Cisco KMC is separated from DCNM-SAN, fabric discovery is not required on the Cisco KMC installation. Clusters that have a connection to the Cisco KMC appear as online. Clusters that are not connected, but have not been deactivated, appear as offline. SME clusters that have been deleted from the fabric appear as deactivated.
The high-availability Cisco KMC consists of a primary server and a secondary server. When the primary server is unavailable, the cluster connects to the secondary server, and it fails back to the primary server once the primary is available again. The high-availability KMC becomes available after you configure the high-availability settings in the DCNM-SAN Web Client.