HP Secure Encryption manual Feature Description

Page 7

Feature

Description

Notes

 

 

 

Controller key cache

HP Smart Array Controllers can optionally

Remote Mode only

 

store all keys required at boot time inside

 

 

the controller, enabling the server to

 

 

survive a variety of network outages.

 

Controller password

Protects the server in the event of theft by

For more information, see "Set or

 

applying a secondary password upon

change the controller password (on

 

boot to lock down the controller.

page 36)."

 

 

 

Dynamic Encryption

Enables smooth transitions between local

 

and remote modes, the conversion of

 

 

plaintext data to encrypted data, and

 

 

rekey services for both data and key

 

 

wraps.

 

Encryption keys

Data is protected using a series of keys

 

that provide layered protection at the

 

 

volume and drive levels. The solution

 

 

utilizes XTS-AES 256-bit encryption.

 

Firmware lock

Prevents controller firmware from being

For more information, see

 

updated unintentionally or by

"Enabling/disabling the firmware

 

unauthorized personnel.

lock (on page 46)."

 

 

 

Hardware-based encryption

Utilizes the HP Smart Array Controller

For more information about Smart

 

hardware to accelerate all cryptographic

Array controllers, see the HP website

 

algorithms when securing data and keys.

(http://www.hp.com/products/sma

 

 

rtarray).

 

 

 

HP Enterprise Secure Key

The HP ESKM or later unifies and

Remote Mode only. For more

Manager 3.1 and later

automates an organization’s encryption

information, see "HP Enterprise

 

controls by securely creating, protecting,

Secure Key Manager 3.1 and later

 

serving, controlling, and auditing access

(on page 11)."

 

to encryption keys.

 

HP ESKM key search

Individual Drive Encryption Keys are

Remote Mode only. For more

 

visible by serial number identification on

information, see "Running queries

 

the HP ESKM to enable unique tracking

(on page 57)."

 

and management from a central location.

 

 

The HP ESKM supports query by serial

 

 

number, server name, bay number, PCI

 

 

slot, and date.

 

HP Smart Storage

HP Smart Storage Administrator

For more information, see "HP Smart

Administrator

v1.60.xx.0 and later provides the

Storage Administrator (on page 9)."

 

configuration and management of the

 

 

cryptographic features of HP Secure

 

 

Encryption associated with HP Smart

 

 

Array Controllers.

 

Overview 7

Page 6 Page 8
Image 7
Page 6 Page 8
Contents HP Secure Encryption Installation and User Guide Page Contents Support and other resources About HP Secure Encryption OverviewBenefits Encryption featuresFeature Description Eskm HP Smart Storage Administrator Solution componentsHP ProLiant servers Minimum requirements HP Smart Array ControllerHP SmartCache HP iLOHP Eskm and key management HP Enterprise Secure Key Manager 3.1 and laterLicensing Planning Encryption setup guidelinesRecommended security settings at remote sites Encrypted backupsDeployment scenarios Security domainsRemote and local key management requirements Local key management mode ConfigurationConfiguring the controller local mode Configuration Configuring Remote Key Management Mode Remote Key Management ModeLogging in to the HP Eskm Configuring the HP EskmAdding a user Configuration Adding a group Assigning a user to a group Configuration Configuration Creating a Master Key Running a key query Placing a key in a groupConfiguration Assigning a key to a group Configuring HP iLO Connecting HP iLO to HP Eskm Configuration Configuring the controller remote mode Configuration Logging into Encryption Manager Accessing Encryption ManagerOperations Opening Encryption ManagerSet or change the Crypto Officer password Managing passwordsSet or change user account password Set or change the password recovery questionSet or change the controller password Suspending the controller password Resuming the controller password Changing the Master Encryption Key Working with keysRekeying the Drive Encryption Keys Rescanning keys Creating a plaintext volumeOperations Operations Converting plaintext volumes into encrypted volumes Changing key management modes Enabling/disabling plaintext volumes Enabling/disabling the firmware lock Enabling/disabling local key cache Importing drives with different Master Keys Importing drive sets in Local Key Management ModeOperations Controllers MaintenanceEncryption Manager DrivesFlashing firmware Replacing a physical driveLocating groups associated with a drive GroupsQuery by drive serial number Maintenance Query by previous server name Maintenance Displaying log information Running queries Maintenance Maintenance Maintenance Lost or forgotten controller password TroubleshootingCommon issues Lost or forgotten Crypto Officer passwordLost or forgotten Master Key Local modeRemote mode Locating the key using the HP EskmLocating the key using iLO Forgotten which Master key goes with which drive Master key not exporting Logical drives remain offlineTesting the connection between HP iLO and the HP Eskm Potential errors encountered Error Description Action Clearing the encryption configuration Before you contact HP Support and other resourcesHP contact information Encryption algorithms AppendixGlossary Plaintext ILOLocal Master Encryption Key Master Encryption KeyRemote Key Manager Volume encryption keyDocumentation feedback Eskm IndexIndex
Top Page Image Contents