SME transparently encrypts and decrypts data inside the storage environment without slowing or disrupting business critical applications.
In SME Tape, SME generates a master key, tape volume keys, and tape keys. The keys are encrypted in a hierarchical order: the master key encrypts the tape volume keys and the tape keys.
In SME Disk, SME generates a master key and disk keys. The keys are encrypted in a hierarchical order: the master key encrypts the disk keys.
The keys are also copied to the key catalog on the Cisco KMC server for backup and archival. Eventually inactive keys are removed from the fabric, but they are retained in the Cisco KMC catalog. The keys can be retrieved automatically from the Cisco KMC by the SME services in the fabric if needed again.
A single Cisco KMC can be used as a centralized key repository for multiple fabrics with SME services if desired. Key catalog import and export capabilities are also provided to accommodate moving tape media to different fabrics in environments with multiple Cisco KMC servers. Backup applications can be used to archive the key catalogs for additional protection.
Note SME cluster can be configured either for SME Disk or for SME Tape. Both Tape and Disk configurations cannot be configured under a same cluster. A cluster can be configured only for one of them.