HP Secure Encryption manual Importing drive sets in Local Key Management Mode

Page 48

o Number of Access Attempts Before Deleting Local Key Cache o Retry Interval in Minutes

6.Click OK.

Importing drive sets in Local Key Management Mode

When the Master Encryption Key on an imported drive set is different from the Master Encryption Key on the receiving HP Smart Array Controller, the importing volumes remain offline until user intervention is taken. HP SSA can be used to supply the Master Key name for the importing drives.

In Remote Key Management Mode, drives automatically import when the associated key is present on the HP ESKM. If keys are unable to be retrieved but are confirmed to be on the HP ESKM, it is possible they are assigned to a different group.

Importing drives with different Master Keys

Migrating drives to a non-encrypted controller results in the logical volumes associated with those drives remaining offline until encryption is enabled with the proper Master Encryption Key settings and mode for that volume.

If non-encrypted drives are migrated to an encrypting controller, the controller automatically brings the logical volumes associated with those physical drives online and makes them available for use.

To import drives with a different Master Key into a controller when using Local Key Management Mode:

1.Power down the server. For more information, see the documentation that ships with the server.

2.Attach drives. For more information, see the documentation that ships with the drives.

3.Power up the server. For more information, see the documentation that ships with the server.

4.Start HP SSA. For more information, see the HP Smart Storage Administrator User Guide.

5.Under Array Controller(s), click the controller assigned to the new drives. Red alert message indicators will appear next to it.

6.Under Actions, click Configure.

7.From the side menu, click Encryption Manager.

8.Log in to Encryption Manager ("Logging into Encryption Manager" on page 33).

9.Under Utilities, click Import Foreign Local Key.

Operations 48

Image 48

Contents HP Secure Encryption Installation and User Guide Page Contents Support and other resources Overview About HP Secure EncryptionEncryption features BenefitsFeature Description Eskm Solution components HP Smart Storage AdministratorHP ProLiant servers HP Smart Array Controller HP SmartCacheHP iLO Minimum requirementsHP Enterprise Secure Key Manager 3.1 and later HP Eskm and key managementLicensing Encryption setup guidelines Recommended security settings at remote sitesEncrypted backups PlanningSecurity domains Deployment scenariosRemote and local key management requirements Configuration Local key management modeConfiguring the controller local mode Configuration Remote Key Management Mode Configuring Remote Key Management ModeConfiguring the HP Eskm Logging in to the HP EskmAdding a user Configuration Adding a group Assigning a user to a group Configuration Configuration Creating a Master Key Placing a key in a group Running a key queryConfiguration Assigning a key to a group Configuring HP iLO Connecting HP iLO to HP Eskm Configuration Configuring the controller remote mode Configuration Accessing Encryption Manager OperationsOpening Encryption Manager Logging into Encryption ManagerManaging passwords Set or change the Crypto Officer passwordSet or change the password recovery question Set or change user account passwordSet or change the controller password Suspending the controller password Resuming the controller password Working with keys Changing the Master Encryption KeyRekeying the Drive Encryption Keys Creating a plaintext volume Rescanning keysOperations Operations Converting plaintext volumes into encrypted volumes Changing key management modes Enabling/disabling plaintext volumes Enabling/disabling the firmware lock Enabling/disabling local key cache Importing drive sets in Local Key Management Mode Importing drives with different Master KeysOperations Maintenance ControllersDrives Flashing firmwareReplacing a physical drive Encryption ManagerGroups Locating groups associated with a driveQuery by drive serial number Maintenance Query by previous server name Maintenance Displaying log information Running queries Maintenance Maintenance Maintenance Troubleshooting Common issuesLost or forgotten Crypto Officer password Lost or forgotten controller passwordLocal mode Remote modeLocating the key using the HP Eskm Lost or forgotten Master KeyLocating the key using iLO Forgotten which Master key goes with which drive Logical drives remain offline Master key not exportingTesting the connection between HP iLO and the HP Eskm Potential errors encountered Error Description Action Clearing the encryption configuration Support and other resources Before you contact HPHP contact information Appendix Encryption algorithmsGlossary ILO Local Master Encryption KeyMaster Encryption Key PlaintextVolume encryption key Remote Key ManagerDocumentation feedback Index EskmIndex