HP Secure Encryption manual Configuring Remote Key Management Mode

o Under Key Management Mode, select Local Key Management Mode.

4.Click OK.

5.A warning appears, prompting the user to record the Master Key. Click Yes to continue.

6.If you have read and agree to the terms of the EULA, select the check box and click Accept.

7.A summary screen appears indicating the controller has been successfully configured for encryption use. Click Finish to continue.

8.The Encryption Manager screen appears with updated Settings, Accounts and Utilities options.

IMPORTANT: HP recommends setting up a password recovery question and answer after initial configuration. If the Crypto Officer password is lost and a recovery question and answer have not been set, you will need to erase and reconfigure all HP Secure Encryption settings in order to reset the Crypto Officer password. For more information, see "Set or change the password recovery question (on page 35)."

Remote Key Management Mode

IMPORTANT: HP Enterprise Secure Key Manager 3.1 and later must already be installed and configured to operate HP Secure Encryption in Remote Mode. For more information, see "Configuring the HP ESKM 3.1 ("Configuring the HP ESKM" on page 18)."

In Remote Key Management Mode, keys are imported and exported between the controller and the HP ESKM, which provides a redundant, secure store with continuous access to the keys. To enable key exchanges between the HP Smart Array Controller and the HP ESKM, a network connection is required both during pre-OS boot time and during OS operations. Because the controller does not have direct network access capabilities, HP iLO provides the necessary network access to facilitate key exchanges between the controller and the HP ESKM. HP iLO has both network presence and is constantly running on AUX power regardless of the server state. The keys exchanged between HP iLO, HP ESKM, and the controller are all secured.

Characteristics

•High volume key storage

•Keys are kept in separate storage from servers to protect against physical removal

•Requires network availability and a remote key management system

Configuring Remote Key Management Mode

IMPORTANT: HP Secure Encryption and other HP encryption client products must be coordinated for a successful installation and configuration. It is recommended to refer to each product's user guide to ensure proper installation and encryption protection.

To configure HP Secure Encryption to operate in Remote mode:

1.Configure the HP ESKM ("Configuring the HP ESKM" on page 18). For more information about installation, configuration and operation of the HP ESKM, see the HP Enterprise Secure Key Manager User Guide and the HP Installation and Replacement Guide.

2.Connect HP iLO to the HP ESKM ("Connecting HP iLO to HP ESKM" on page 29).

3.Install HP SSA. For more information, see the HP Smart Storage Administrator User Guide.

Configuration 17