Cisco Blogs

Storage Encryption Enhanced!

Lets keep things rolling lets talk about another great upgrade unveiled at Cisco Live San Diego 2012. With the latest version of NX-OS 5.2(6) on the MDS, Cisco has made some interesting changes to the Cisco Storage Media Encryption (SME) product. First, lets do a quick primer on SME for those of you who might not be familiar with the product and why you would consider it.

Cisco Storage Media Encryption is an in-line product that runs on the MDS storage switches that encrypts data at rest on tape, virtual tape, and disks. Encryption of data at rest is becoming more and more common as companies take additional steps to ensure the integrity of corporate IP and customer data. There are also a number of government regulations that require the encryption of data at rest, most notably HIPA regulations in the healthcare industry. Increased regulation requiring encryption of data at rest is likely as well.

SME does the encryption with encryption hardware engines built onto Fibre Channel modules on the MDS. SME is also managed with Cisco Data Center Manager (DCNM). This in-line, integrated approach prevents the performance bottlenecks caused by add-on encryption appliances and the integrated management with DCNM ensures ease of operation.

So what’s new?  The first new feature on SME is Master Key Re-Key. This feature allows customers to change the master key. When the master key is changed, all of the sub-keys are unwrapped and rewrapped with the new master key. This kind of operation allows customers to change the master key with minimal disruption to operations.

The second feature available with the latest incarnation of SME is Signature on Disk. In disk signature mode, you can take snapshots across LUNs during key-change operations. SME will automatically recognize these snap shots based on the signature. This simplifies snap shots and makes it easier to maintain both encryption and the backup safety of snap shots.

These features are available to anyone who as licensed Cisco Storage Media Encryption and is on NX-OS 5.2(6). Feature enhancements like these are part of Cisco’s continuing commitment increasing the value of our products to our customers. If you are interested in SME and it’s features, be sure to check out the Storage Media Encryption Design Guide for full details on how SME and these new features work.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.