Cisco Key Management Center (KMC) provides essential features such as key archival, secure export and import, and key shredding.
Key management features include the following:
• Master key resides in a password-protected file or in smart cards, depending on the cluster security mode.
– If the cluster security mode is set to Basic, the master key resides in the password-protected file.
– If the cluster security mode is set to Standard, the master key resides in a single smart card, and that same smart card is required to recover the master key.
– If the cluster security mode is set to Advanced, the master key resides in multiple smart cards, and a quorum of them (2 of 3, 2 of 5, or 3 of 5, as selected by the user) is required to recover the master key.
• Unique key per tape for an SME tape cluster.
• Unique key per LUN for an SME disk cluster.
• Keys reside in clear-text only inside a FIPS boundary.
• Tape keys and intermediate keys are wrapped by the master key and stored in the Cisco KMC.
• Disk keys are wrapped by the cluster master key and stored in the Cisco KMC.
• Option to store tape keys on tape media.
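The Advanced-mode quorum above (any 2 of 3, 2 of 5, or 3 of 5 smart cards recover the master key, fewer do not) is a threshold secret-sharing policy. The page does not say how the Cisco KMC splits the key across cards, so the Python below is an added illustration rather than Cisco's code: it assumes Shamir's scheme over a prime field, and the key check value (KCV) used to turn an insufficient quorum into an error is also an assumption of this example. The master key, card shares and quorum names are constructed.

```python
"""Quorum recovery of a master key from smart-card shares (added illustration).

Not Cisco code. The Cisco KMC documentation states that in Advanced mode a
quorum (2 of 3, 2 of 5 or 3 of 5) of smart cards recovers the master key but
does not describe the mechanism; Shamir's threshold scheme over a prime field
and the key check value are assumptions made for this example.
"""
import hashlib
import secrets
from itertools import combinations

PRIME = 2**521 - 1  # Mersenne prime M521; comfortably holds a 256-bit master key

# The three quorum options the page lists for Advanced mode: (threshold, cards)
QUORUM_OPTIONS = {"2 of 3": (2, 3), "2 of 5": (2, 5), "3 of 5": (3, 5)}


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def key_check_value(master_key: bytes) -> bytes:
    """Non-secret fingerprint kept with the shares so a bad recovery is detected."""
    return hashlib.sha256(b"kcv" + master_key).digest()[:8]


def split_master_key(master_key: bytes, threshold: int, num_cards: int):
    """Return num_cards shares (card_index, value); any `threshold` of them recover the key."""
    if not 1 < threshold <= num_cards:
        raise ValueError("need 1 < threshold <= num_cards")
    secret = int.from_bytes(master_key, "big")
    if secret >= PRIME:
        raise ValueError("master key does not fit in the field")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    # Card i holds f(i); x = 0 is never issued because f(0) is the secret itself.
    return [(i, _eval_poly(coeffs, i)) for i in range(1, num_cards + 1)]


def recover_master_key(shares, key_len: int, kcv: bytes) -> bytes:
    """Lagrange-interpolate f(0) from the presented shares and verify it against kcv.

    With fewer shares than the threshold the interpolation still returns a field
    element, just the wrong one, so the size and KCV checks are what turn an
    insufficient quorum into an error instead of a silently wrong master key.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("the same smart card was presented twice")
    secret = 0
    for xj, yj in shares:
        num, den = 1, 1
        for xm, _ in shares:
            if xm != xj:
                num = num * (-xm) % PRIME
                den = den * (xj - xm) % PRIME
        secret = (secret + yj * num * pow(den, -1, PRIME)) % PRIME
    if secret >= 1 << (8 * key_len):
        raise ValueError("quorum not met: recovered value is not a valid key")
    candidate = secret.to_bytes(key_len, "big")
    if key_check_value(candidate) != kcv:
        raise ValueError("quorum not met: key check value mismatch")
    return candidate


def exercise_quorum(master_key: bytes, option: str) -> dict:
    """Try every card subset for one of the page's quorum options.

    Counts the subsets of exactly `threshold` cards that recovered the key and
    the subsets one card short of the threshold that were rejected.
    """
    threshold, cards = QUORUM_OPTIONS[option]
    shares = split_master_key(master_key, threshold, cards)
    kcv = key_check_value(master_key)
    full = list(combinations(shares, threshold))
    short = list(combinations(shares, threshold - 1))
    recovered = sum(
        recover_master_key(list(subset), len(master_key), kcv) == master_key
        for subset in full
    )
    rejected = 0
    for subset in short:
        try:
            recover_master_key(list(subset), len(master_key), kcv)
        except ValueError:
            rejected += 1
    return {"subsets": len(full), "recovered": recovered,
            "short_subsets": len(short), "rejected": rejected}


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed 256-bit master key, not a real one
    for opt in QUORUM_OPTIONS:
        print(opt, exercise_quorum(demo_key, opt))
```

Two practical points the code makes explicit: a duplicate share (the same card tapped twice) must be rejected before interpolation, otherwise the Lagrange denominator is zero; and the quorum check must be enforced by verification of the recovered key, because interpolation from too few shares does not fail by itself.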
The centralized key lifecycle management includes the following:
• Archive, shred, recover, and distribute media keys.
• End-to-end key management using HTTPS/SSL/SSH.
– Access controls and accounting.
– Use of existing AAA mechanisms.
The Cisco KMC provides dedicated key management for SME, with support for single-site and multisite deployments. Depending on the deployment requirements, the Cisco KMC is either integrated with DCNM-SAN or installed separately from it.
Single-site operations can be managed by integrating the Cisco KMC into DCNM-SAN. In multisite deployments, a centralized Cisco KMC can be used together with the local DCNM-SAN servers that manage each fabric. This separation makes the KMC more robust and lets SME deployments in different locations share the same Cisco KMC.
Figure 2-2 shows how Cisco KMC is separated from DCNM-SAN for a multisite deployment.
A Cisco KMC is configured only in the primary data center, while DCNM-SAN servers are installed in every data center to manage the local fabrics and provision SME. SME provisioning is performed in each data center, and the tape devices and backup groups in each data center are managed independently.
Figure 1-2 Multisite Setup in Cisco KMC
In multisite deployments where the Cisco KMC is separate from DCNM-SAN, fabric discovery is not required on the Cisco KMC installation. Clusters that have a connection to the Cisco KMC appear as online; clusters that are not connected but have not been deactivated appear as offline; and SME clusters that have been deleted from the fabric appear as deactivated.
The high availability Cisco KMC consists of a primary server and a secondary server. When the primary server is unavailable, the cluster connects to the secondary server, and it fails back to the primary server once the primary is available again. High availability takes effect after you configure the high availability settings in the DCNM-SAN Web Client. For more information on the configuration, see “Choosing High Availability Settings”.