Another administrator deletes the IPSec trust store from UCM’s Security > Certificate Management page.
Which of the following is most likely to be affected by this change?
A.
encryption of DRS backups made prior to the change
B.
encrypted communication between DRS Master Agents and Local Agents
C.
addition of new backup devices to a DRS schedule
D.
deletion of old backup devices from a DRS schedule
E.
access to network storage location configuration
Explanation:
Of the available choices, encrypted communication between Cisco Unified Communications Manager (UCM)
Disaster Recovery System (DRS) Master Agents and Local Agents is most likely to be affected by this change.
Master Agents store component registrations, maintain scheduled tasks, and store backup data on a locally
attached device. Local Agents, which are installed and activated by default on each cluster node, are
responsible for running backup and restore scripts on the local server. DRS uses Secure Sockets Layer (SSL)
to both authenticate and encrypt data between a Master Agent and a Local Agent. In addition, DRS uses IP
Security (IPSec) for public key infrastructure (PKI) encryption. The deletion of the IPSec trust store from UCM’s
security configuration can cause DRS to function improperly.
Encryption of DRS backups will not likely be affected by this change. DRS uses the existing cluster security
password when performing encryption on a backup. If the cluster security password is modified by using the
command-line interface (CLI) or by a fresh UCM installation, you might not be able to decrypt and restore that
backup. Workarounds to this issue include remembering the old cluster security password that was used to
encrypt the data or immediately performing a fresh backup when the cluster security password changes.
The addition or deletion of backup devices to a DRS schedule will not be affected by this change. However, it is
important to note that a backup device cannot be deleted from DRS if that backup device is part of an existing
backup schedule. In order to remove an existing backup device from a DRS configuration, you must first
ensure that the device has been removed from any backup schedules in which it might be configured.
Access to network storage location configuration will not be affected by this change. In order to configure
network storage locations, you must have access to a Secure File Transfer Protocol (SFTP) server. In addition
to backing up data to devices that are directly connected to a Master Agent, DRS can back up to network
storage locations by using SFTP.Cisco: Disaster Recovery System Administration Guide for Release 8.5(1): What is the Disaster Recovery
System?