Troubleshooting guide
1-30
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Maintaining Your WAAS System
Enabling Disk Encryption
WAE2# configure
WAE2(config)# central-manager role primary
WAE(config)# cms enable
The CMS service is restarted automatically when you configure a role change.
Central Manager Failover and Recovery
If your primary WAAS Central Manager becomes inoperable, you can reconfigure one of your standby
Central Managers to be the primary Central Manager and then later, when the failed Central Manager
becomes available, you can reconfigure it to be primary again. Follow these steps:
Step 1 Convert a standby Central Manager to be the primary Central Manager as described in the “Converting
a Standby Central Manager to a Primary Central Manager” section on page 1-28.
Step 2 When the failed Central Manager is again available, configure it as a standby Central Manager as
described in the “Converting a Primary Central Manager to a Standby Central Manager” section on
page 1-28, beginning with Step 2. Skip the first step and do not use the cms deregister command.
Step 3 Switch both Central Manager roles as described in the “Switching Both Central Manager Roles” section
on page 1-29.
Enabling Disk Encryption
Disk encryption addresses the need to securely protect sensitive information that flows through deployed
WAAS systems and that is stored in WAAS persistent storage. The disk encryption feature includes two
aspects: the actual data encryption on the WAE disk and the encryption key storage and management.
When you enable disk encryption, all data in WAAS persistent storage will be encrypted. The encryption
key for unlocking the encrypted data is stored on the Central Manager, and key management is handled
by the Central Manager. When you reboot the WAE after configuring disk encryption, the WAE retrieves
the key from the Central Manager automatically, allowing normal access to the data that is stored in
WAAS persistent storage.
Note If a WAE is unable to reach the WAAS Central Manager during a reboot, it will do everything except
mount the encrypted partitions. In this state, all traffic will be handled as pass-through. Once
communication with the WAAS Central Manager is restored (and the encryption key is obtained), the
encrypted partitions are mounted. There is no loss of cache content.
Disk encryption requirements are as follows:
• You must have a Central Manager configured for use in your network.
• Your WAE devices must be registered with the Central Manager.
• Your WAE devices must be online (have an active connection) with the Central Manager. This
requirement applies only if you are enabling disk encryption.
• You must reboot your WAE for the disk encryption configuration to take effect.