Overview

HP C-Series MDS 9000 Storage Media Encryption (SME) Software
MDS 9000 Storage Media Encryption (SME) secures data stored on tape drives and virtual tape libraries (VTLs) in a storage area network (SAN) environment using secure IEEE standard Advanced Encryption Standard (AES) 256-bit algorithms. SME is built upon Federal Information Processing Standards (FIPS) Level 3 system architecture and offers secure, comprehensive key management, with support for offline media recovery. The SME software is built to run on MDS 9200 and 9500 series switches and Directors using the MDS 9000 18/4 MultiServices Module or the MDS 9222i with it's built-in cryptographic engine.

Key Features and Benefits

Encryption of Storage Media:
- Encrypts data using AES 256 Bit Encryption
- Secures Data on heterogeneous tape drives and virtual tape libraries
Scalable Performance:
- Grows with storage needs
- Scale throughput by adding additional MDS modules compatible with SME software
Data Compression:
- Compresses data before encryption
- Maximizes Tape media utilization
High Availability:
- Distributed fabric service employing clustering technology
- Clustering enhances reliability, availability, and auto load balancing
- View as a single service rather than individual appliance that needs to be monitored
Comprehensive Lifecycle Key management:
- Key Management for single system or entire network

Product Highlights

Rapid Deployment	The innovative Fibre Channel redirect capabilities in Cisco MDS 9000 SAN-OS enable traffic from any switch port to be encrypted without SAN reconfiguration or re-wiring, eliminating down-time and simplifying deployment.

Secure Solution	Strong, IEEE compliant AES-256 encryption algorithms are used by Cisco SME to protect data at rest. Cisco MDS 9000 family SAN-OS security features, such as Secure Shell, Secure Sockets Layer, RADIUS protocol, and Fibre Channel Security Protocol provide the foundation for a secure FIPS level-3 architecture.

Integrated Management	Cisco SME is configured and provisioned using Cisco MDS 9000 CLI and Cisco Fabric Manager; no new management software is needed. In addition to consistent management interfaces, Cisco SME supports role based access control (RBAC) and RADIUS/TACACS+ servers for unified credentials management.

Simplified Provisioning	Cisco MDS 9000 family switches and Cisco SME are both managed with the same software, command-line interface (CLI), and Cisco Fabric Manager; no new management software is needed. In addition to consistent interfaces, Cisco SME supports RBAC; authentication, authorization, and accounting (AAA) servers; and VSAN-based access control for unified credentials management.

Advanced Key Management	Cisco SME offers secure, comprehensive key management, with provisions for master keys to reside in smart cards. Storage media keys reside in clear text only within the crypto boundary on the switch module. For flexibility, Cisco SME can provide either a unique media key for each tape or for each tape volume group. Tape keys can also be stored on the tapes. Media keys are encrypted before storage or transport to the Cisco Key Management Center (KMC). Integrated key management services are available with media key archival, recovery, distribution, and shredding. Cisco KMC accommodates single- and multiple-site environments. Keys and management traffic are transported securely using the SSH, and HTTPS protocols.

Compatible Product Family Models

Cisco MDS 9222i Multiservice Modular Fabric Switch
Cisco MDS 18/4 Module in MDS

Service and Support, HP Care Pack, and Warranty Information

Warranty	(1-1-1) Hardware Warranty; 1-year parts; 1-year on-site (8x5, next business day response) and 1-year labor. NOTE: The hardware warranty covers firmware and embedded non-saleable software. For extended hardware installation and maintenance information, click the links below: http://h18005.www1.hp.com/services/carepaq/us/install/ http://h18005.www1.hp.com/services/carepaq/us/hardware/. NOTE: Certain restrictions and exclusions apply. Consult the Customer Support Center for details. Hardware or Software product installation is not included in the warranty, but is available and highly recommended.

HP Service & Warranty Support

HP Service & Warranty Support Additional Warranty protection and/or HP Installation packages can be purchased.
NOTE: Certain restrictions and exclusions apply. Consult the Customer Support Center for details. HP provides a one-year, hardware limited warranty, fully supported by a worldwide network of resellers and service providers.

In addition, available service offerings include a full range of HP Care Pack packaged hardware and software services:

Installation
Extended coverage hours and enhanced response times
System management and performance services

For more information on warranty and support options, please visit our Web site at: http://www.hp.com/hps/tech/storage/supp/.

Software Product Services

Software Warranty - HP warrants only that the software media will be free of physical defects for a period of ninety (90) days from delivery.
EXCLUSIVE REMEDY -The entire liability of HP and its suppliers and your exclusive remedy for software that does not conform to this Limited Warranty shall be the repair or replacement of the defective media. This warranty and remedy are subject to your returning the defective media during the warranty period to HP in the country in which you obtained the software.
NOTE: Certain restrictions and exclusions apply. Consult the Customer Support Center for details.
Hardware or Software product installation is not included in the warranty, but is available and highly recommended.

HP Care Pack Services Warranty Upgrade Options

Service offerings include a full range of Customer HP Care Pack services for both hardware and software services:

Response - Upgrade on-site response from next business day to same day 4-hours
Coverage - Extend hours of coverage from 5 days x 9 hours to 7 days x 24 hours
Duration - Select duration of coverage for a period of 1, 3, or 5 years

Additional Warranty protection and/or HP Installation packages can be purchased.

NOTE: Certain restrictions and exclusions apply. Consult the HP Customer Support Center for details.

HP Care Pack Information

HP Care Pack is defined as an upgrade to the product warranty attribute, available for a specific duration and hours of coverage.

HP Care Pack is not available for less than the product's warranty duration.
HP Care Pack is available for sale anytime during the warranty period for most products, but the commencement date will be the same as the Warranty Start Date (delivery date to end user customer). Proof of purchase may be required.
HP Care Pack services are prepaid.

For additional HP Care Pack (hardware & software) information, as well as orderable part numbers, please refer to the URL listed below: http://h18005.www1.hp.com/services/carepaq/index.html

Additional Services

Installation service; SAN Solution service; SAN-Environmental Support service; SAN Architecture service; Proactive 24.
For more information on these and other service options, please contact any of our worldwide sales offices or visit our Web site at: http://www.hp.com/hps/support.

Configuration Information

Step 1 – Base Configuration
Select one:
Model	Model Description	Part Number
Cisco Storage Media Encryption Software - MDS 9500	HP Storage Media Encryption Package for compatible modules in the Cisco MDS 9500 Director	T5415A
Cisco Storage Media Encryption Software - MDS 9200	HP Storage Media Encryption Package for compatible modules in the Cisco MDS 9200 Director	T5418A
Cisco Storage Media Encryption Software - MDS 9222i	HP Storage Media Encryption Package for the Cisco MDS 9222i Switch	T5414A

Step 2 - Options
Model Description	Quantity	Part Number
Smart Card Reader
Smart Card Reader for Cisco SME	1 Max	AG872A
Smart Card for Cisco SME	1 Max	AG873A

Technical Specifications

Product Compatibility	Cisco MDS 9500 Series Multilayer Directors and MDS 9200 Series Multilayer Fabric Switches
Software Compatibility	Cisco MDS 9000 SAN-OS Software Release 3.2(1) or later Cisco Fabric Manager Release 3.2(1) or later
Protocols	Simple Network Management Protocol Version 3 (SNMPv3) SSH Version 2 (SSHv2) SSL and HTTPS RADIUS/TACACS+ authentication protocols
Approvals and Compliance	Common Criteria (CC) EAL-3 FIPS 140-2 Level 2
Key management server requirements	Processor Intel Pentium IV 1.4-GHz processor (minimum) for Windows and Linux Sun UltraSPARC 900-MHz processor (minimum) for Solaris Memory Server with database and Web server: 2 GB (minimum) Disk space Cisco Fabric Manager application: 200 MB including PostgreSQL database and log files Java Virtual Machine (JVM): 35 MB Software Windows 2000, 2003 Server, or XP; Solaris 9 or 10; or Red Hat Linux operating system VMware, Citrix, Microsoft Terminal Server, and Virtual Network Computing (VNC) JVM Version 1.5.0 TCP/IP software stack

The information contained herein is subject to change without notice.

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

DA-12910 1 - Version 1 - February 11, 2008