Troubleshooting guide
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Maintaining Your WAAS System
Enabling Disk Encryption
After you reboot your WAE, the encryption partitions are created using the new key, and any
previously existing data is removed from the partition.
Any change to the disk encryption configuration, whether to enable or disable encryption, causes the
disk to clear its cache. This feature protects sensitive customer data from being decrypted and accessed
should the WAE ever be stolen.
If you enable disk encryption and then downgrade to a software version that does not support this feature,
you will not be able to use the data partitions. In such cases, you must delete the disk partitions after you
downgrade.
To enable and disable disk encryption from the Central Manager GUI, choose Devices > device-name,
then choose Configure > Storage > Disk Encryption. To enable disk encryption, check the Enable
check box and click Submit. This box is unchecked by default. To disable disk encryption, uncheck the
Enable check box and click Submit.
To enable and disable disk encryption from the WAE CLI, use the disk encrypt global configuration
command.
Note: If you are using an NPE image, the disk encryption feature has been disabled for use in countries where
disk encryption is not permitted.
When you enable or disable disk encryption, the file system is reinitialized during the first subsequent
reboot. Reinitialization may take from ten minutes to several hours, depending on the size of the disk
partitions. During this time, the WAE will be accessible, but it will not be providing any services.
If you change the Central Manager IP address, relocate the Central Manager, or replace one Central
Manager with another Central Manager that has not copied over all of the information from the original
Central Manager, and you then reload the WAE while disk encryption is enabled, the WAE file system
will not be able to complete the reinitialization process or obtain the encryption key from the Central
Manager.
If the WAE fails to obtain the encryption key, disable disk encryption by using the no disk encrypt
enable global configuration command from the CLI, and reload the WAE. Ensure connectivity to the
Central Manager before you enable disk encryption and reload the WAE. This process will clear the disk
cache.
Note: When a standby Central Manager has been in service for at least 2 times the datafeed poll rate time
interval (approximately 10 minutes) and has received management updates from the primary Central
Manager, the updates will include the latest version of the encryption key. Failover to the standby in this
situation occurs transparently to the WAE. The datafeed poll rate defines the interval for the WAE to poll
the Central Manager for configuration changes. This interval is 300 seconds by default.
To view the encryption status details, use the show disks details EXEC command. While the file system
is initializing, show disks details displays the following message: “System initialization is not
finished, please wait...” You may also view the disk encryption status, whether it is enabled or
disabled, in the Central Manager GUI, Device Dashboard window.