Security Management

The Cisco UCS Manager 4.3(5a) release introduces the Security Management tab in the Admin section. This section aims to offer multiple security management options to protect sensitive data and ensure network integrity. The tab currently includes Encryption Management and assists administrators in effectively managing security settings.

Encryption Management

Complementing the Security Management enhancements, Cisco introduces Encryption Management. This feature ensures that the management sessions are encrypted to prevent unauthorized access.

Configuring Encryption Management

Configure or update the primary encryption key to secure sensitive data within Cisco UCS Manager. The encryption scope allows you to establish a master key for the system. This key is essential for protecting sensitive data and ensuring secure communication across the network infrastructure.

Before you begin

  • Ensure you have the necessary administrative privileges to modify security settings.

  • Have the new primary key string ready, ensuring it meets the character and length requirements.


Note


If an AES encryption key is configured in Cisco UCS Manager Release 6.0(1b) or earlier and you upgrade to Release 6.0(2b), you must reconfigure the key to continue using encryption.


Procedure

  Command or Action Purpose

Step 1

UCS-A# scope security

Enters security mode.

Step 2

UCS-A /security # scope encryption

Enters encryption management mode.

Step 3

UCS-A /security/encryption # set encryption-key

Note

 
  • The key length must be between 16 and 64 characters.

  • The key cannot have a combination of double quote ("), single quote ('), and space ( ).

  • The first and second characters cannot be a combination of single quote (') and double quote (").

  • For more information, refer to the Creating a MACsec Key section in the Cisco UCS Manager Network Management Guide Using the CLI.

Step 4

UCS-A /security/encryption # commit-buffer

Commits the transaction to the system configuration.

Note

 

You can modify the primary key, but you cannot delete the key.

The system validates the key. If the key meets all requirements and matches the confirmation, the transaction is committed and the asterisk (*) is removed from the prompt.

The primary encryption key is successfully configured.

Example

The following example shows how to enter the security and encryption scopes, set a 16-character encryption key, and commit the transaction:

UCS-A# scope security
UCS-A /security # scope encryption
UCS-A /security/encryption # set encryption-key
Enter the Encryption Key:
Confirm the Encryption Key:
UCS-A /security/encryption* # commit-buffer
UCS-A /security/encryption #

What to do next

After configuring the encryption key, you may need to:

  • Document the key in a secure location, as it cannot be retrieved using any CLI command once set.

  • Verify that dependent security services are functioning correctly with the new key.
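
The Before you begin prerequisite and the Step 3 note both assume a key string that already meets the length and character rules. The following Python helper is an added example, not Cisco code: it checks a candidate against a conservative reading of those rules (any quote or space is rejected) and generates a compliant random key; the function names and the letters-and-digits alphabet are assumptions.

```python
import math
import secrets
import string

MIN_LEN, MAX_LEN = 16, 64        # length bounds from the Step 3 note
FORBIDDEN = frozenset("\"' ")    # double quote, single quote, space

# Assumed generation alphabet: letters and digits only, so no generated
# character can be a quote, a space, or something a CLI might interpret.
ALPHABET = string.ascii_letters + string.digits


def check_key(key: str) -> list[str]:
    """Return the reasons a candidate key fails; an empty list means it passes.

    Conservative reading of the page's rules: any quote or space anywhere is
    rejected, which is stricter than the documented combination rules.
    """
    problems = []
    if not MIN_LEN <= len(key) <= MAX_LEN:
        problems.append(f"length {len(key)} is outside {MIN_LEN}-{MAX_LEN}")
    found = sorted(set(key) & FORBIDDEN)
    if found:
        problems.append("contains quote or space characters: "
                        + " ".join(repr(c) for c in found))
    return problems


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random key of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def generate_key(length: int = MAX_LEN) -> str:
    """Generate a key with the OS CSPRNG that passes check_key()."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample candidates, not real keys.
    for candidate in ("short-key", "has a space in it 123", "Abcdefgh12345678"):
        print(repr(candidate), check_key(candidate) or "OK")
    for n in (16, 22, 64):
        print(n, "chars:", round(entropy_bits(n), 1), "bits")
```

With this alphabet a random key at the 16-character minimum carries about 95 bits of entropy, and 22 characters are needed to reach 128 bits, so generating at or near the 64-character maximum costs nothing and leaves margin.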