Planning
Encryption setup guidelines
When setting up HP Secure Encryption, consider the information described in the following table.
Configuration | Options | Deciding factors | |
|
|
|
|
Encryption mode | • | Local Key | Choose Local Key Management Mode when: |
| • | Management Mode | • Data is stored at a site without network access. |
| Remote Key | • In a small deployment center or lab | |
|
| Management Mode | • Manual key management is available. |
|
|
| Choose Remote Key Management Mode when: |
|
|
| • Using a large number of servers |
|
|
| • A network is available between the HP ESKM |
|
|
| and a server. |
|
|
| • Automatic key management is preferred, |
|
|
| including backups and redundancy |
|
|
| configurations |
|
|
|
|
Plaintext volumes | • | Allow | Allow future plaintext logical drives when: |
| • | Disallow (default) | • Drive migration might occur to a |
|
|
| controller. |
|
|
| • Data is not |
|
|
| For more information, see "Enabling/disabling |
|
|
| plaintext volumes (on page 45)." |
|
|
| |
Key naming conventions | Master Encryption Keys | Create a specific naming convention when | |
| are customizable. | managing multiple keys and multiple servers. | |
Recommended security settings at remote sites
For added security, HP recommends the following configuration when operating HP Secure Encryption at remote sites outside the main data center.
•Firmware lock enabled ("Enabling/disabling the firmware lock" on page 46)
•Controller password enabled ("Set or change the controller password" on page 36)
•Plaintext volumes disabled ("Enabling/disabling plaintext volumes" on page 45)
•Local Key Cache disabled
Applies to Remote Key Management Mode only
Encrypted backups
At system startup, all encrypted
Planning 13
