Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2387
Views
9
Helpful
3
Replies

UCS Self Encryption

Go to solution
schikhao
Cisco Employee
Cisco Employee

‎02-16-2017 04:12 AM

Hi,

I am not sure if I am reaching out to the correct team.

I am involved in a project where we use UCS C-series and by security compliance, we need to protect data at rest.

We thought about options like using DM-Crypt with LUKS to encrypt the full disk but I crossed a document talking about Cisco IMC supports self-encrypting drives (SED).

For us, it’s always better to use our solution and for this can anyone help with some details about this feature in UCS:

o    Level of encryption on the disk?

o    Used Cyphers, algorithm?

o    Key management: should the key reside on the server or called from external location?

o    Is the key needed for each reboot?

o    What is the key lifecycle overview? 

It’s urgent and any help will be appreciated.

Regards.

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Wilkinson
Cisco Employee
Cisco Employee

‎02-17-2017 03:52 PM

Hi Slim,

Nice chatting with you the other day. As discussed, we have been supporting SEDs on our standalone C-Series servers for quite some time. Up until recently, the key management for these drives was a manual process. However, with our most recent 3.0(2) Cisco IMC FW, we now support both local and remote key management, specifically SafeNet and Vormetric key managers. This makes deploying SEDs at scale much more secure, and eliminates the need for remembering unique cryptographic keys for each drive.

I am working on getting answers to some of the more pinpointed questions, but please reach out should you need additional info.

Greg

View solution in original post

3 Replies 3

Go to solution
Greg Wilkinson
Cisco Employee
Cisco Employee

‎02-17-2017 03:52 PM

Hi Slim,

Nice chatting with you the other day. As discussed, we have been supporting SEDs on our standalone C-Series servers for quite some time. Up until recently, the key management for these drives was a manual process. However, with our most recent 3.0(2) Cisco IMC FW, we now support both local and remote key management, specifically SafeNet and Vormetric key managers. This makes deploying SEDs at scale much more secure, and eliminates the need for remembering unique cryptographic keys for each drive.

I am working on getting answers to some of the more pinpointed questions, but please reach out should you need additional info.

Greg

Go to solution
Greg Wilkinson
Cisco Employee
Cisco Employee
In response to Greg Wilkinson

‎02-17-2017 05:22 PM

Regarding your other queries:

Level of Encryption on the Disk: We use full disk encryption (FDE)

Used Cyphers/Algorithms: These are internal to the SED drives, they are not handled vy external software, MegaRAID, nor the Cisco IMC.

Key Management: for local key management, the key resides on the server/controller. For KMIP, the key resides on the key management server as well as the controller.

Key needed for each reboot: Not for MegaRAID. There is a "password" needed at every boot, if enabled, but we do not support this today.

Lifecycle: Today - once created, keys reside until they are changed. Most users will perform a re-key operation periodically as they do for passwords, etc.

Go to solution
schikhao
Cisco Employee
Cisco Employee
In response to Greg Wilkinson

‎02-20-2017 12:24 AM

Great help thanks Gregory

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking products for a $25 gift card