Troubleshooting guide
1-11
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Other System Settings
Configuring Secure Store Settings
Secure store encryption on a Central Manager uses one of the following modes:
• Auto-generated passphrase mode—The passphrase is automatically generated by the Central
Manager and used to open the secure store after each system reboot. This is the default mode for
new Central Manager devices or after the system has been reinstalled.
• User-provided passphrase mode—The passphrase is supplied by the user and must be entered after
each system reboot to open the secure store. You can switch to this mode, and systems upgraded
from versions prior to 4.4.1, with secure store initialized, are configured in this mode after
upgrading to 4.4.1 or later.
To implement secure store your system must meet the following requirements:
• You must have a Central Manager configured for use in your network.
• Your WAE devices must be registered with the Central Manager.
• Your WAE devices must be online (have an active connection) with the Central Manager. This
requirement applies only if you are enabling secure store on WAE devices.
• All Central Managers and WAE devices must be running WAAS software version 4.0.19 or higher.
To implement strong store encryption, follow these steps:
Step 1 Enable strong storage encryption on your primary Central Manager. See Enabling Secure Store
Encryption on the Central Manager.
Step 2 Enable strong storage encryption on any standby Central Managers. See Enabling Secure Store
Encryption on a Standby Central Manager.
Step 3 Enable strong storage encryption on WAE devices or WAE device groups. See Enabling Secure Store
Encryption on a WAE Device. (Secure store must be enabled on the Central Manager before you enable
it on the WAE devices.)
You can enable secure store independently on the Central Manager and on the WAE devices. To ensure
full protection of your encrypted data, enable secure store on both the Central Manager and the WAE
devices. You must enable secure store on the Central Manager first.
Note When you reboot the Central Manager, if secure store is in user-provided passphrase mode, you must
manually open secure store encryption. All services that use the secure store (disk encryption, CIFS
prepositioning, SSL acceleration, AAA, and so on) on the remote WAE devices do not operate properly
until you enter the secure store password on the Central Manager to open secure store encryption.
Note the following considerations regarding the secure store:
• Passwords stored in the Central Manager database are encrypted using strong encryption techniques.
• CIFS prepositioning credentials are encrypted using the strong encryption key on the Central
Manager and the WAE devices.
• Certificate key files are encrypted using the strong encryption key on the Central Manager.
• If a primary Central Manager fails, secure store key management is handled by the standby Central
Manager. (Secure store mode must be enabled manually on the standby Central Manager.)
• Backup scripts back up the secure store passphrase mode (user-provided or auto-generated) of the
device at the time of backup. Backup and restore are supported only on the Central Manager.