HP Secure Encryption manual Configuration

Page 32

3.Complete the following:

o Under Create Crypto Officer Password, enter and re-enter the password in the fields provided. o Under Encryption Mode, select one of the following:

Enable and Allow Future Plaintext Volumes: Allowing future plaintext volumes still requires authentication by the Crypto Officer or the User if attempting to create a plaintext logical drive.

Enable and Disallow Future Plaintext Volumes: This option prevents the creation of new plaintext volumes on the controller. This setting can be changed later by the Crypto Officer. Selecting this option does not prevent the migration of a set of drives with existing plaintext volumes to the controller.

oEnter the name of the Master Key that was created on the ESKM in the field provided. The Master Key name must be between 8 and 64 characters.

o Under Key Management Mode, select Remote Key Management Mode.

4.Click OK.

5.A EULA screen appears. If you have read and agree to the terms of the EULA, select the check box and click Accept.

6.A summary screen appears indicating the controller has been successfully configured for encryption use. Click Finish to continue.

7.The Encryption Manager home screen appears with updated Settings, Accounts, and Utilities options.

IMPORTANT: HP recommends setting up a password recovery question and answer after initial configuration. If the Crypto Officer password is lost and a recovery question and answer have not been set, you will need to erase and reconfigure all HP Secure Encryption settings in order to reset the Crypto Officer password. For more information, see "Set or change the password recovery question (on page 35)."

Configuration 32

Page 31 Page 33
Image 32
Page 31 Page 33
Contents HP Secure Encryption Installation and User Guide Page Contents Support and other resources Overview About HP Secure EncryptionEncryption features BenefitsFeature Description Eskm HP ProLiant servers Solution componentsHP Smart Storage Administrator HP Smart Array Controller HP SmartCacheHP iLO Minimum requirementsHP Enterprise Secure Key Manager 3.1 and later HP Eskm and key managementLicensing Encryption setup guidelines Recommended security settings at remote sitesEncrypted backups PlanningRemote and local key management requirements Security domainsDeployment scenarios Configuring the controller local mode ConfigurationLocal key management mode Configuration Remote Key Management Mode Configuring Remote Key Management ModeAdding a user Configuring the HP EskmLogging in to the HP Eskm Configuration Adding a group Assigning a user to a group Configuration Configuration Creating a Master Key Placing a key in a group Running a key queryConfiguration Assigning a key to a group Configuring HP iLO Connecting HP iLO to HP Eskm Configuration Configuring the controller remote mode Configuration Accessing Encryption Manager OperationsOpening Encryption Manager Logging into Encryption ManagerManaging passwords Set or change the Crypto Officer passwordSet or change the password recovery question Set or change user account passwordSet or change the controller password Suspending the controller password Resuming the controller password Rekeying the Drive Encryption Keys Working with keysChanging the Master Encryption Key Creating a plaintext volume Rescanning keysOperations Operations Converting plaintext volumes into encrypted volumes Changing key management modes Enabling/disabling plaintext volumes Enabling/disabling the firmware lock Enabling/disabling local key cache Importing drive sets in Local Key Management Mode Importing drives with different Master KeysOperations Maintenance ControllersDrives Flashing firmwareReplacing a physical drive Encryption ManagerQuery by drive serial number GroupsLocating groups associated with a drive Maintenance Query by previous server name Maintenance Displaying log information Running queries Maintenance Maintenance Maintenance Troubleshooting Common issuesLost or forgotten Crypto Officer password Lost or forgotten controller passwordLocal mode Remote modeLocating the key using the HP Eskm Lost or forgotten Master KeyLocating the key using iLO Forgotten which Master key goes with which drive Logical drives remain offline Master key not exportingTesting the connection between HP iLO and the HP Eskm Potential errors encountered Error Description Action Clearing the encryption configuration HP contact information Support and other resourcesBefore you contact HP Appendix Encryption algorithmsGlossary ILO Local Master Encryption KeyMaster Encryption Key PlaintextVolume encryption key Remote Key ManagerDocumentation feedback Index EskmIndex
Top Page Image Contents