Overview
About HP Secure Encryption
HP Secure Encryption is a controller-based, enterprise-class data encryption solution that protects data at rest on bulk storage hard drives and SSDs attached to a compatible HP Smart Array Controller. The solution is compatible with the HP Enterprise Secure Key Manager, and can operate with or without the presence of a key manager in the environment, depending on individual customer settings.
HP Secure Encryption provides encryption for data at rest as an important component for complying with sensitive data protection requirements including PCI-DSS, HIPAA/HITECH, Sarbanes/Oxley, and state privacy laws. HP Secure Encryption secures any data deemed sensitive and requiring extra levels of protection through the application of XTS-AES 256-bit data encryption. Many companies under government regulations require that sensitive privacy data must be secured and uncompromised using NIST-approved algorithms and methodologies for key management. As a result, HP has applied for FIPS-140-2 Level 2 validation for controllers supporting encryption. For more information, see the the Cryptographic Module Validation Program (CMVP) on the National Institute of Standards and Technology website (http://csrc.nist.gov/groups/STM/cmvp/index.html).
HP Secure Encryption requires the following core components:
•HP ProLiant Gen8 or later server. For more information, see "HP ProLiant servers (on page 9)."
•HP Smart Array Controller. For a list of currently supported controllers, see "HP Smart Array Controller (on page 10)."
•HP Secure Encryption license, per drive
•HP Smart Storage Administrator, version 1.60 or later
•Compatible SAS/SATA hard drive or SSD
•Compatible storage enclosure
HP Secure Encryption can operate in Remote Key Management Mode, or Remote Mode, through the use of a separate, clustered, appliance-based server called the HP Enterprise Secure Key Manager 3.1 and later. The HP ESKM manages all encryption keys throughout the data center. When utilizing the HP ESKM, the communication path between the HP ESKM and the HP Smart Array Controller is established through the HP iLO interface. The controller communicates with the HP ESKM as new keys are generated and as old keys are retired. The HP ESKM acts as a key vault where all keys are managed via a web browser interface. For more information about the HP ESKM, see "HP Enterprise Secure Key Manager 3.1 and later (on page 11)." For more information about HP iLO connectivity, see "HP iLO (on page 10)."
The following additional components are required for operating HP Secure Encryption in Remote Mode:
•Integrated Lights Out (iLO) Advanced or Scale Out Edition license, per ProLiant server
•HP Enterprise Secure Key Manager 3.1 and later
HP Secure Encryption can also operate without an attached key management solution through Local Key Management Mode, or Local Mode.
Overview 5
