HP Secure Encryption manual Configuring the HP Eskm, Logging in to the HP Eskm, Adding a user

Page 18

4.Configure the HP Smart Array Controller ("Configuring the controller (remote mode)" on page 31, "Configuring the controller (local mode)" on page 15).

Configuring the HP ESKM

1.Log in to the HP ESKM ("Logging in to the HP ESKM" on page 18).

2.Create initial user accounts ("Adding a user" on page 18).

a.Create a temporary user account for deployment.

b.Create a user account to host Master Encryption Keys.

3.Create a group ("Adding a group" on page 20).

4.Assign the user account for hosting Master Encryption Keys to the group created in step 3 ("Assigning

auser to a group" on page 21 ).

5.Create a Master Encryption Key to be used by the controller ("Creating a Master Key" on page 24).Be sure to set the owner of the key to the user account created to host the Master Encryption Key created in Step 2b.

6.Place the Master Encryption Key in the group created in step 3 ("Placing a key in a group" on page 25).

Logging in to the HP ESKM

1.Open a new browser window and enter the IPv4 address and web administration port number using https. The port is user-configurable. The default port is 9443.

Example: https://11.12.13.14:9443

2.Log in using administrator credentials.

Adding a user

IMPORTANT: Passwords must contain at least five different characters. Passwords cannot:

•Contain only whitespace

•Resemble a phone number, dictionary word or reversed dictionary word

•Be based on the username associated with the password

The deployment user is the first user account created and is typically deleted after initial configuration has been completed. It is a temporary account set up to allow HP iLO to connect to the HP ESKM and begin using keys. Subsequent standard user accounts are assigned Master Encryption Keys and are not considered temporary.

To add a user:

1.Log in to the HP ESKM ("Logging in to the HP ESKM" on page 18).

Configuration 18

Image 18

Contents HP Secure Encryption Installation and User Guide Page Contents Support and other resources Overview About HP Secure EncryptionEncryption features BenefitsFeature Description Eskm Solution components HP Smart Storage AdministratorHP ProLiant servers HP iLO HP Smart Array ControllerHP SmartCache Minimum requirementsHP Enterprise Secure Key Manager 3.1 and later HP Eskm and key managementLicensing Encrypted backups Encryption setup guidelinesRecommended security settings at remote sites PlanningSecurity domains Deployment scenariosRemote and local key management requirements Configuration Local key management mode Configuring the controller local mode Configuration Remote Key Management Mode Configuring Remote Key Management ModeConfiguring the HP Eskm Logging in to the HP EskmAdding a user Configuration Adding a group Assigning a user to a group Configuration Configuration Creating a Master Key Placing a key in a group Running a key queryConfiguration Assigning a key to a group Configuring HP iLO Connecting HP iLO to HP Eskm Configuration Configuring the controller remote mode Configuration Opening Encryption Manager Accessing Encryption ManagerOperations Logging into Encryption ManagerManaging passwords Set or change the Crypto Officer passwordSet or change the password recovery question Set or change user account passwordSet or change the controller password Suspending the controller password Resuming the controller password Working with keys Changing the Master Encryption KeyRekeying the Drive Encryption Keys Creating a plaintext volume Rescanning keysOperations Operations Converting plaintext volumes into encrypted volumes Changing key management modes Enabling/disabling plaintext volumes Enabling/disabling the firmware lock Enabling/disabling local key cache Importing drive sets in Local Key Management Mode Importing drives with different Master KeysOperations Maintenance ControllersReplacing a physical drive DrivesFlashing firmware Encryption ManagerGroups Locating groups associated with a driveQuery by drive serial number Maintenance Query by previous server name Maintenance Displaying log information Running queries Maintenance Maintenance Maintenance Lost or forgotten Crypto Officer password TroubleshootingCommon issues Lost or forgotten controller passwordLocating the key using the HP Eskm Local modeRemote mode Lost or forgotten Master KeyLocating the key using iLO Forgotten which Master key goes with which drive Logical drives remain offline Master key not exportingTesting the connection between HP iLO and the HP Eskm Potential errors encountered Error Description Action Clearing the encryption configuration Support and other resources Before you contact HPHP contact information Appendix Encryption algorithmsGlossary Master Encryption Key ILOLocal Master Encryption Key PlaintextVolume encryption key Remote Key ManagerDocumentation feedback Index EskmIndex