1-6
Cisco MDS 9000 Family NX-OS Storage Media Encryption Configuration Guide
OL-29289-01
Chapter 1 Storage Media Encryption Overview
About SME
FC-Redirect
SME performance can easily be scaled up by adding more Cisco MDS 9000 Family switches or modules.
The innovative Fibre Channel redirect capabilities in Cisco MDS 9000 NX-OS enable traffic from any
switch port to be encrypted without SAN reconfiguration or rewiring.
Server-Based Discovery for Provisioning Disks and Tapes
SME provides discovery of backend targets using the identity of the host during a session establishment.
Target-Based Load Balancing
The SME cluster consists of a set of switches (in a dual-fabric environment) running the SME
application. Clustering offers target-based load balancing of SME application services. The cluster
infrastructure allows the SME application to communicate and coordinate to maintain consistency and
high availability.
Load balancing is achieved by distributing ownership of the various metadata objects throughout the
cluster. SME assigns hosts to the available SME interfaces using the following algorithm:
•
All hosts for a given target port are always assigned to the same SME interface.
•
If a target port is connected to one of the SME switches, an interface is selected based on the load
from the target-connected switch. That is, the target locality is considered when choosing a SME
interface for a target.
•
If a target is connected to a switch that has no SME interface, then the target is assigned to the least
loaded available interface in the SME cluster.
In target-based load balancing, the load on an interface refers to the number of targets assigned to that
interface.
Caution
SME provides a load balancing CLI that allows you to rebalance the targets assigned to the available
SME interfaces in the cluster. However, the
load balancing
command is disruptive to the traffic. Ensure
that you execute this command at a scheduled downtime, otherwise, the existing traffic will be affected.
SME Terminology
The following SME-related terms are used in this book:
•
SME interface—The security engine in the MSM-18/4 module or fixed slot of a Cisco MDS 9222i
fabric switch. Each MSM-18/4 module and MDS 9222i switch has one security engine.
•
SME cluster—A network of MDS switches that are configured to provide the SME functionality;
each switch includes one or more MSM-18/4 modules and each module includes a security engine.
Includes one or more nodes or switches for high availability (HA) and load balancing.
•
Fabric—A physical fabric topology in the SAN as seen by DCNM-SAN. There can be multiple
VSANs (logical fabrics) within the physical fabric.
•
Tape group—A backup environment in the SAN. This consists of all the tape backup servers and the
tape libraries that they access.
•
Tape device—A tape drive that is configured for encryption.
•
Tape volumes—A physical tape cartridge identified by a barcode for a given use.
