Manualshelf

Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274
281282283284285286287288289290
1-13
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Other System Settings
Configuring Secure Store Settings
Note When you enable secure store on the primary Central Manager in user-provided passphrase mode, you
should enable secure store on the standby Central Manager as well. See Enabling Secure Store
Encryption on a Standby Central Manager, page 1-13.
You can check the status of secure store encryption by entering the show cms secure-store command.
Enabling Secure Store Encryption on a Standby Central Manager
Note A standby Central Manager provides limited encryption key management support. If the primary Central
Manager fails, the standby Central Manager provides only encryption key retrieval to the WAE devices
but does not provide new encryption key initialization. Do not enable disk encryption or secure store on
WAE devices when the primary Central Manager is not available.
The secure store passphrase mode on the primary Central Manager is replicated to the standby Central
Manager (within the standard replication time). If the primary Central Manager is switched to
auto-generated passphrase mode, the standby Central Manager secure store changes to the open state. If
the primary Central Manager is switched to user-provided passphrase mode or the passphrase is changed,
the standby Central Manager secure store changes to the initialized but not open state and an alarm is
raised. You must manually open the secure store on the standby Central Manager.
To enable secure store encryption on a standby Central Manager when the primary Central Manager is
in user-provided passphrase mode, open the secure store on the primary Central Manager and then use
the CLI to execute the cms secure-store open EXEC mode command on the standby Central Manager:
Step 1 Enable secure store encryption on the primary Central Manager. See the “Enabling Secure Store
Encryption on the Central Manager” section on page 1-12.
Step 2 Wait until the standby Central Manager replicates the data from the primary Central Manager.
The replication should occur in 60 seconds (default) or as configured for your system.
Step 3 Enter the cms secure-store open command on the standby Central Manager to activate secure store
encryption.
The standby Central Manager responds with the “please enter pass phrase” message.
Step 4 Type the password and press Enter.
The standby Central Manager encrypts the data using secure store encryption.
Note Repeat Steps 3 and 4 for each standby Central Manager on your system.
You can check the status of secure store encryption by entering the show cms secure-store command.
Enabling Secure Store Encryption on a WAE Device
To enable secure store encryption on a WAE device, follow these steps: