How to Encrypt Data on a Network with Cisco Storage Media Encryption (SME) for Disk and Tape




Data Sheet

Cisco Storage Media Encryption for Disk and Tape

Product Overview

Cisco Storage Media Encryption (SME) protects data at rest on heterogeneous tape drives, virtual tape libraries (VTLs), and disk arrays in a SAN environment using highly secure IEEE Advanced Encryption Standard (AES) algorithms. Cisco SME hardware and software are fully integrated with the Cisco MDS 9000 Family. Encryption is performed as a transparent Fibre Channel fabric service, which greatly simplifies the deployment and management of sensitive data on SAN-attached storage devices. Unlike other approaches, Cisco SME requires no downtime to deploy. Cisco SME is built on a system architecture based on Federal Information Processing Standards (FIPS) and offers highly secure, comprehensive key management, with support for offline media recovery (Figure 1).

Figure 1. Cisco SME System Architecture

Features and Benefits

Cisco SME provides a complete, integrated solution for encryption of data at rest on heterogeneous tape drives, VTLs, and disk arrays. Storage in any virtual SAN (VSAN) can make full use of Cisco SME, providing exceptional flexibility for provisioning this transparent fabric service. Cisco SME requires no SAN reconfiguration or rewiring, eliminating downtime for deployment. Cisco SME employs clustering technology to enhance reliability and availability, enable automated load-balancing and failover capabilities, and simplify provisioning. To simplify management, this encryption service is provisioned as a single, logical SAN fabric feature rather than as individual switches or modules.

© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 1

Secure lifecycle key management is included, with essential features such as master key rekey, key archival, key shredding, automatic key replication across data centers, high-availability deployments, and export and import for single- and multiple-site environments. Provisioning and key management for Cisco SME are both integrated into Cisco Data Center Network Manager (DCNM); no additional software is required for management.

Cisco SME includes the following features:

- Rapid, scalable deployment: Cisco SME performance can easily be scaled up by adding more Cisco MDS 9000 Family switches or modules. The innovative Fibre Channel redirect capabilities in the Cisco MDS 9000 SAN-OS and NX-OS Software enable traffic from any switch port to be encrypted without the need to reconfigure or rewire the SAN.
- High availability: Cisco SME services employ clustering technology to create a highly available solution. The cryptographic cluster enhances reliability and availability, enables automated load balancing and failover capabilities, and simplifies provisioning as a single SAN fabric service rather than as individual switches or modules. Additionally, Cisco Key Management Center (KMC) supports 1+1 high-availability deployments.
- High level of security: Cisco SME uses strong, IEEE-compliant AES 256 encryption algorithms to protect data at rest. Advanced Cisco MDS 9000 SAN-OS and NX-OS Software security features, such as Secure Shell (SSH), SSL, RADIUS, and Fibre Channel Security Protocol (FC-SP) provide the foundation for a secure FIPS architecture.
- Comprehensive lifecycle key management: Cisco KMC provides dedicated key management for Cisco SME, with support for single- and multiple-site deployments, including automatic key replication across data centers and high-availability deployments. Cisco KMC provides essential features such as master key rekey, key archival, highly secure export and import and translation for distribution, and key shredding.
- Integrated management: Cisco SME is configured and provisioned using the Cisco MDS 9000 Family command-line interface (CLI) or Cisco DCNM; no additional management software is needed. In addition to consistent management interfaces, Cisco SME supports role-based access control (RBAC) and RADIUS and TACACS+ servers for unified credentials management.

Additional features and benefits are presented in Table 1.

Table 1. Additional Features and Benefits

| Feature | Benefit |
|---|---|
| VSAN independence | Traffic on any VSAN can fully utilize Cisco SME encryption capabilities, providing outstanding flexibility for provisioning and load balancing. |
| Disk encryption | Cisco SME supports dual fabric, multipath, replicated volumes, high availability for key management, clustering, and storage snapshots with mirroring and point-in-time copy. |
| Data compression | To increase the utilization of tape media, Cisco SME provides an option to compress tape data before encrypting it. Compression is not available for disk encryption. |
| Smart cards | For increased operating security, smart cards are offered to protect master keys, facilitate master key escrow, and help prevent unauthorized cryptographic cluster formation and key recovery. |
| Investment protection | In addition to supporting heterogeneous storage devices, the multipurpose hardware used by Cisco SME supports Cisco MDS 9000 Family storage network services and applications, providing solid investment protection. |

Product Specifications

Table 2 lists the product specifications for the Cisco SME.

Table 2. Product Specifications

| Item | Specification |
|---|---|
| Product compatibility | Cisco MDS 9500 Series Multilayer Directors and MDS 9200 Series Multilayer Switches; Cisco MDS 9000 18/4-Port Multiservice Module (MSM) and MDS 9000 16-Port Storage Services Node (SSN) line cards |
| Software compatibility | For tape drive encryption: Cisco MDS 9000 SAN-OS Software 3.3(1c) or later and NX-OS 4.1(3a) or later; Cisco Fabric Manager 3.3(1c) or later and NX-OS 4.1(3a) or later. For disk array encryption: Cisco MDS 9000 NX-OS 5.2(1) or later; Cisco DCNM for SAN 5.2(1) or later. For master key rekey and storage snapshot support for disk: Cisco MDS 9000 NX-OS 5.2(6) or later; Cisco DCNM 5.2(6) or later |
| Protocols | Simple Network Management Protocol (SNMP) version 3; SSH version 2; SSL and HTTPS; RADIUS and TACACS+ authentication protocols; RSA |
| Encryption algorithms | RSA; AES-256 |
| Approvals and compliance | PCI DSS 2.0 standard compliant |

System Requirements

Cisco DCNM is used to provision and manage encryption keys for Cisco SME. The Cisco DCNM data sheet lists the system requirements. Table 3 provides a summary of the requirements.

Table 3. System Requirements

| Item | Requirement |
|---|---|
| Encryption type | AES 256 |
| Encryption strength | 256 bits |
| Encryption targets | All major storage media - tape drives, VTLs and disk arrays |
| Compression | 4-to-1 for tape |
| Key complexity | 256-bit length and generated from random number generator (PCI DSS 2.0 compliant) |
| Key management | Cisco Key Management Center generates, tracks, and manages the keys |
| Host and application protection | Host/device authentication |
| Others | Hardware-based encryption, crypto shred for key deletion, role-based access control, and rekey |
| Storage features supported | Replication, storage snapshots - mirror/point in time copy |
| Security | Smartcards for key store and quorum for recovery |
| High availability | Clustering architecture supporting load balancing and resiliency for crypto engines, 1+1 Cisco KMC for key management redundancy |

Ordering Information

Table 4 lists product ordering information for Cisco SME licenses and components. Cisco SME also requires Cisco MDS 9000 Family hardware modules or switches that support this feature. The following hardware includes encryption units suitable for Cisco SME:

- Cisco MDS 9222i Multiservice Modular Switch (MMS)
- Cisco MDS 9000 18/4-Port MSM
- Cisco MDS 9000 16-Port SSN

Cisco DCNM for SAN Advanced Edition is required for running Cisco KMC. A single Cisco KMC can support a multisite deployment. Two instances provide 1+1 high availability. The web client (supported by Cisco DCNM for SAN Advanced Edition) provides the Cisco SME provisioning wizard. At least one instance of Cisco DCNM for SAN Advanced Edition is thus required.

For more information about ordering hardware and about Cisco DCNM requirements, see the Cisco MDS 9000 Family product literature at http://www.cisco.com/en/us/products/hw/ps4159/ps4358/index.html.

Table 4. Ordering Information

| Description | Part Number |
|---|---|
| Storage Media Encryption package for one MSM-18/4 in the Cisco MDS 9500 Series | M9500SME1MK9 |
| Storage Media Encryption package for one MSM-18/4 in the Cisco MDS 9200 Series | M9200SME1MK9 |
| Storage Media Encryption package for one service engine on SSN-16 in the Cisco MDS 9500 Series | M95SMESSNK9= |
| Storage Media Encryption package for one service engine on SSN-16 in the Cisco MDS 9200 Series | M92SMESSNK9= |
| Storage Media Encryption package for Cisco MDS 9222i MMS fixed slot | M9200SME1FK9 |
| Smart card reader for Cisco SME | DS-SCR-K9= |
| Smart card for Cisco SME | DS-SC-K9= |
| DCNM for SAN Advanced Edition for MDS 9500 | DCNM-SAN-M95-K9 |
| DCNM for SAN Advanced Edition for MDS 9200 | DCNM-SAN-M92-K9 |

Note: Cisco MDS 9000 Series Switches do not need Cisco Fabric Manager Server license packages to provision Cisco SME or to use the associated key management capabilities.

To place an order, visit the Cisco Ordering homepage. To download software, visit the Cisco Software Center.

Service and Support

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services helps you protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, see Cisco Technical Support Services or Cisco Advanced Services.

Using the Cisco Lifecycle Services approach, Cisco and its partners provide a broad portfolio of end-to-end services and support that can help increase your network's business value and return on investment. This approach defines the minimum set of activities needed, by technology and by network complexity, to help you successfully deploy and operate Cisco technologies and optimize their performance throughout the lifecycle of your network.

For More Information

http://www.cisco.com/en/us/products/ps8502/index.html

Printed in USA C78-414371-07 06/12