Cisco MDS 9000 Family Storage Media Encryption Configuration Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: April 8, 2013

Chapter: Offline Data Restore Tool

Information About Offline Data Restore Tool
ODRT Requirements

Offline Data Recovery in SME

The SME solution provides seamless encryption service through a hardware-based encryption engine. When the MSM-18/4 module or the Cisco MDS 9222i fabric switch is not available, you can use the Offline Data Restore Tool (ODRT).

Note The offline data recovery in SME is only applicable for SME Tape.

This appendix describes the basic functionalities and operations of this software application and covers the following sections:

•Information About Offline Data Restore Tool

•ODRT Requirements

Information About Offline Data Restore Tool

The Offline Data Restore Tool (ODRT) is a standalone Linux application and is a comprehensive solution for recovering encrypted data on tape volume groups when the MSM-18/4 module or the Cisco MDS 9222i switch is unavailable. The ODRT reads the tape volumes, encrypted by SME, and decrypts and decompresses the data and then writes clear-text data back to the tape volumes.

Figure C-1 shows the topology supported by the ODRT.

Figure C-1

Offline Data Restore Tool (ODRT) Topology

The encryption and decryption of data works in the following two steps:

•Tape-to-disk- The ODRT reads the encrypted data from the tape and stores it as intermediate files on the disk.

•Disk-to-tape- The ODRT reads intermediate files on the disk, decrypts and decompresses (if applicable) the data and writes the clear-text data to the tape.

The decryption key is obtained from the volume group file which you need to export from the Cisco Key Management Center (KMC). For information on exporting volume groups, see Chapter 7 "Configuring SME Key Management."

The ODRT feature is invoked by entering the odrt.bin command from the Linux shell. For more information about the odrt.bin command, see "SME CLI Commands."