unencrypted when accessed from the host system and placed on tape. Software or hardware utilizing an independent encryption feature is not impacted by HP Secure Encryption.
Security domains
A security domain is a blueprint for separating out different groups of servers or key management escrows where access to a set of keys is inhibited by the structure of the various domains. The best mechanisms for establishing separate security domains are either through the use of separate HP ESKM or via the use of groups within the HP ESKM. Unique groups provide a software mechanism for each server to partition off their key sets from one server to another. Groups are created on the HP ESKM and assigned to a server via the HP iLO Key Manager page. For more information, see "Remote Key Management Mode (on page 17)."
Deployment scenarios
Remote and local key management requirements
Use the table below to determine which encryption mode is right for you.
Mode parameters | Local Key Management Mode | Remote Key Management Mode |
|
|
|
Number of servers | <99 (recommended) | 100 or more |
Support of HP ESKM by customer | No | Yes |
Utilize Integrated Lights Out (iLO) | No | Yes |
Advanced or Scale Out License in the |
|
|
infrastructure |
|
|
Requirement to escrow keys | No | Yes |
Manual tracking of keys | Yes | No |
Poor or no network connectivity to HP | Yes | No |
ESKM |
|
|
Planning 14
