You can initiate the master key rekey operation using one of the following methods:
• Under Data Center Network Manager, click SME. The cluster list is displayed. Click on the required cluster. Under Cluster Details > Security Mode, click Rekey Master Key.
• Under Data Center Network Manager, click SME. The cluster list is displayed. Click Smartcards. The recovery share details, along with the associated list of smart cards, are displayed. Under Recovery Shares, click Rekey Master Key.
• Ensure you install the smartcard drivers on the web client where the master key rekey (MKR) is initiated.
• Ensure there is IP communication between the Cisco DCNM server, primary server, secondary server, CKMC, and switches.
• Ensure Cisco DCNM-SAN services are running.
• Ensure the clusters are online throughout the MKR process.
• Ensure you export the keys before starting MKR.
• Ensure there is free space for new shares on the smart cards.
• Always start MKR in a fresh browser and ensure there are no instances of the DCNM client running.
• Do not start MKR if the disk is in one of the following states:
– Crypto state with no paths (VPD not known)
– Suspend state with no paths (VPD not known)
– Data Prepare (discovery pending)
1. Once you initiate the rekey master key operation, a confirmation dialog box is displayed. Click OK.
The Get Keyshares dialog box is displayed.
Note: All nodes that are part of the cluster should remain online until the rekey master key operation is complete.
2. To rekey the master keyshares, follow these steps:
a. Enter the switch login information, the PIN number for the smart card, and a label that will identify the smart card. Click Next.
A notification is shown that the first keyshare is successfully stored.
b. Enter the switch credentials and PIN information for the second recovery officer. Click Next.
A notification is shown that the second keyshare is successfully stored.
c. Enter the switch credentials and PIN information for the third recovery officer. Click Next.
A notification is shown that the third keyshare is successfully stored.
d. Enter the switch credentials and PIN information for the fourth recovery officer. Click Next.
A notification is shown that the fourth keyshare is successfully stored.
e. Enter the switch credentials and PIN information for the fifth recovery officer. Click Next.
A notification is shown that the fifth keyshare is successfully stored. Click Next to begin the rekeying process.
3. An indication is displayed that the operation is in progress. Wait until the rekeying of the master keys is completed. Click Next.