HP Offline Smart Storage Administrator and Secure Encryption Management

Page 62

If the OS logical drive is encrypted, offline HP SSA will be required to perform the steps below. For more information, see the HP Smart Storage Administrator User Guide.

To clear the controller password:

1.Open Encryption Manager ("Opening Encryption Manager" on page 33).

2.Log in as the Crypto Officer ("Logging into Encryption Manager" on page 33).

3.Under Settings, locate Controller Password. Click Remove Controller Password.

4.A window appears, asking you to confirm that you want to remove the controller password. Click Yes. Volumes appear online and are available.

Lost or forgotten Master Key

IMPORTANT: HP strongly recommends storing a backup of the Master Encryption Key in a secure location. In some instances it is possible that a missing key will render your data inaccessible. If operating HP Secure Encryption in Remote Key Management Mode, HP strongly recommends that you back up the ESKM regularly.

Local mode

If operating HP Secure Encryption in Local Mode, securing the Master Encryption Key value is critical to accessing the encrypted logical drive data. If the controller requires replacement or if the physical drives are moved to another controller, a matching Master Key is required to gain access to the data. Master Keys are not recoverable if lost. If the Master Key is lost or forgotten, you must perform a data restore operation from the backup media to regain access to the data.

Remote mode

Locating the key using the HP ESKM

To locate a lost or forgotten Master Encryption Key using the HP ESKM:

1.Log in to the HP ESKM ("Logging in to the HP ESKM" on page 18).

Troubleshooting 62

Image 62

Contents HP Secure Encryption Installation and User Guide Page Contents Support and other resources Overview About HP Secure EncryptionEncryption features BenefitsFeature Description Eskm HP ProLiant servers Solution componentsHP Smart Storage Administrator HP iLO HP Smart Array ControllerHP SmartCache Minimum requirementsHP Enterprise Secure Key Manager 3.1 and later HP Eskm and key managementLicensing Encrypted backups Encryption setup guidelinesRecommended security settings at remote sites PlanningRemote and local key management requirements Security domainsDeployment scenarios Configuring the controller local mode ConfigurationLocal key management mode Configuration Remote Key Management Mode Configuring Remote Key Management ModeAdding a user Configuring the HP EskmLogging in to the HP Eskm Configuration Adding a group Assigning a user to a group Configuration Configuration Creating a Master Key Placing a key in a group Running a key queryConfiguration Assigning a key to a group Configuring HP iLO Connecting HP iLO to HP Eskm Configuration Configuring the controller remote mode Configuration Opening Encryption Manager Accessing Encryption ManagerOperations Logging into Encryption ManagerManaging passwords Set or change the Crypto Officer passwordSet or change the password recovery question Set or change user account passwordSet or change the controller password Suspending the controller password Resuming the controller password Rekeying the Drive Encryption Keys Working with keysChanging the Master Encryption Key Creating a plaintext volume Rescanning keysOperations Operations Converting plaintext volumes into encrypted volumes Changing key management modes Enabling/disabling plaintext volumes Enabling/disabling the firmware lock Enabling/disabling local key cache Importing drive sets in Local Key Management Mode Importing drives with different Master KeysOperations Maintenance ControllersReplacing a physical drive DrivesFlashing firmware Encryption ManagerQuery by drive serial number GroupsLocating groups associated with a drive Maintenance Query by previous server name Maintenance Displaying log information Running queries Maintenance Maintenance Maintenance Lost or forgotten Crypto Officer password TroubleshootingCommon issues Lost or forgotten controller passwordLocating the key using the HP Eskm Local modeRemote mode Lost or forgotten Master KeyLocating the key using iLO Forgotten which Master key goes with which drive Logical drives remain offline Master key not exportingTesting the connection between HP iLO and the HP Eskm Potential errors encountered Error Description Action Clearing the encryption configuration HP contact information Support and other resourcesBefore you contact HP Appendix Encryption algorithmsGlossary Master Encryption Key ILOLocal Master Encryption Key PlaintextVolume encryption key Remote Key ManagerDocumentation feedback Index EskmIndex