HP Secure Encryption: HP Enterprise Secure Key Manager 3.1 and later, HP ESKM and key management

Models: Secure Encryption


management database, key management, encryption activation, and audit support for the devices within the platform.

For the full implementation of HP Secure Encryption with the HP ESKM, HP iLO Advanced or HP iLO Scale Out editions are required to connect and auto-register with the HP ESKM. HP iLO provides key exchange support between the HP Smart Array Controller and the HP ESKM to enable pre-boot support for OS disk encryption. Audit support is provided for all key management transactions.

For more information about HP iLO, see the HP website (http://www.hp.com/go/ilo).

HP Enterprise Secure Key Manager 3.1 and later

HP Enterprise Secure Key Manager 3.1 and later acts as a secure, reliable repository for keys used by HP Secure Encryption. In Remote Key Management Mode, HP iLO connects to the HP ESKM using username/password and digital certificate authentication to securely store and retrieve keys. Each HP iLO must be registered as an HP ESKM user by an administrator, or Crypto Officer, of the HP ESKM for access to be granted. If a user is registered and has the necessary permissions, the HP ESKM accepts requests and provides keys to the client. As standard practice, communication with the HP ESKM is configured for SSL to ensure the security of the connection and authorized access to keys.

The HP ESKM keys and users can be organized into different groups depending on the policies set by an administrator. These groups determine whether a particular user can retrieve a particular key, and support both key sharing and separation for multi-tenant and hosted service provider environments.

Characteristics

Used only in Remote Mode, requiring a network connection

Supports high-availability clustering of 2-8 HP ESKM nodes for automatic replication and failover

Provides key services to HP iLO clients using username and password, certificate authentication, or both

Communicates using SSL encryption to ensure the security of the connection and authorized access to keys

Provides reliable, secure access to business-critical encryption keys

Supports audit and compliance requirements, including PCI-DSS and HIPAA/HITECH

Provides scalability for multiple data centers, thousands of clients, and millions of keys

Uses a FIPS-140-2 Level 2 validated secure appliance which supports the latest NIST cryptographic guidance

HP ESKM and key management

The HP Smart Array Controller manages keys by separating them into the following categories:

Keys stored off-controller on the HP ESKM

Keys stored on the drive media

Keys stored on the controller

The separation of keys helps ensure the safety of the data residing on the drives, the portability of the drives, and the ability to manage keys in a centralized manner. The controller uses the HP ESKM to back up a segment of its keys using an encryption method that protects the keys from exposure in plaintext.
