Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

281

282

283

284

285

286

287

288

289

290

1-10

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Configuring Other System Settings

Configuring Secure Store Settings

UTC was formerly known as Greenwich Mean Time (GMT). The offset time (number of hours ahead or

behind UTC) as displayed in the table is in effect during winter time. During summer time or daylight

saving time, the offset may be different from the values in the table and is calculated and displayed

accordingly by the system clock.

Configuring Secure Store Settings

Secure store encryption provides strong encryption and key management for your WAAS system. The

WAAS Central Manager and WAE devices use secure store encryption for handling passwords,

managing encryption keys, and for data encryption.

This section contains the following topics:

• Secure Store Overview, page 1-10

• Enabling Secure Store Encryption on the Central Manager, page 1-12

• Enabling Secure Store Encryption on a Standby Central Manager, page 1-13

• Enabling Secure Store Encryption on a WAE Device, page 1-13

• Changing Secure Store Passphrase Mode, page 1-14

• Changing the Secure Store Encryption Key and Password, page 1-15

• Resetting Secure Store Encryption on a Central Manager, page 1-16

• Disabling Secure Store Encryption on a WAE Device, page 1-17

Secure Store Overview

With secure store encryption on the Central Manager or a WAE device, the WAAS system uses strong

encryption algorithms and key management policies to protect certain data on the system. This data

includes encryption keys used by applications in the WAAS system, CIFS accelerator passwords for

prepositioning, user login passwords, NAM credentials, and certificate key files.

Secure store encryption on the Central Manager is always enabled and uses a password that is

auto-generated or user-provided. This password is used to generate the key encryption key according to

secure standards. The WAAS system uses the key encryption key to encrypt and store other keys

generated on the Central Manager or WAE devices. These other keys are used for WAAS functions

including disk encryption, SSL acceleration, or to encrypt and store CIFS accelerator credentials, and

user passwords.

Data on the Central Manager is encrypted using a 256-bit key encryption key generated from the

password and using SHA1 hashing and an AES 256-bit algorithm. When secure store is enabled on a

WAE device the data is encrypted using a 256-bit key encryption key generated using SecureRandom, a

cryptographically strong pseudorandom number generator.

US/Mountain –7

US/Pacific –8

Table 1-3 Timezone—Offset from UTC (continued)

Time Zone

Offset from UTC

(in hours)