HP Secure Encryption manual Eskm

Page 8

| Feature | Description | Notes |
| --- | --- | --- |
| Integrated Lights Out (iLO) | HP iLO Management is a comprehensive set of embedded management features supporting the complete lifecycle of the server, from initial deployment, through ongoing management, to service alerting and remote support. HP iLO is provided on all HP ProLiant Gen8 and later servers. HP iLO 4 Advanced or Scale Out editions v1.40 or later connect and auto-register with the HP ESKM. HP iLO provides key exchange support between the HP Smart Array Controller and the HP ESKM to enable pre-boot support for OS disk encryption. Audit support is provided for all key management transactions. | Remote Mode only. For more information, see "HP iLO (on page 10)." |
| Instant volume erase | Provides ability to instantly, cryptographically erase logical volumes without having to delete the volume first | |
| Key rotation support | Supports the rekeying of all keys utilized by the controller to enable a robust key rotation strategy | |
| Local Key Management Mode | Focused on single server deployments where there is one Master Encryption Key per controller that is managed by the user. In Local Mode, all volumes still have their own unique key for data encryption. | For more information, see "Local Key Management Mode (on page 15)." |
| One-way encryption | As a security feature, data volumes cannot be converted back to plaintext after the volume is encrypted. Restoration of data is required to revert back to plaintext. | |
| Pre-deployment support | Supports the ability to preconfigure all cryptographic security settings while in a server, then store the powered-off controller for later use while retaining the settings securely. | |
| Remote Key Management Mode | Designed for enterprise-wide deployments with the HP Smart Array Controller. It requires the HP Enterprise Secure Key Manager 3.1 and later to manage all keys related to encryption deployments. All keys are managed automatically between the HP Smart Array Controller, HP iLO and the HP ESKM. | For more information, see "Remote Key Management Mode (on page 17)." |
| Security reset function | The feature clears all secrets, keys, and passwords from the controller, and places the controller's encryption configuration in a factory new state. | For more information, see "Clearing the encryption configuration (on page 69)." |
| Two encryption roles | HP Secure Encryption supports two roles for managing encryption services: a Crypto Officer role and a User role. | |

Overview 8
