Glossary | HP Secure Encryption specification

Glossary

ACU

Array Configuration Utility

Controller key

A key created by the controller and permanently saved to the Remote Key Manager after being wrapped by the Master Encryption Key. This key is used on a temporary basis to alleviate potential bottlenecks to the Remote Key Manager during volume creation/change events. Use of a Controller Key is on a temporary basis only and is ultimately transitioned via a rekey operation to the appropriate Drive Encryption Key.

Controller-secured region

The section of a device where data and Critical Security Parameters can exist in an unencrypted format. This boundary must be secured against tampering as acquiring this sensitive data may result in unauthorized access to data.

Critical Security Parameters (CSPs)

An industry standard term referring to security related information such as keys, passwords, and so forth, whose disclosure would compromise an encrypted system.

Crypto officer

Personnel who have permission to access the full range of encryption functions available on the controller. This includes turning encryption on and off, resetting keys, importing Master Encryption Keys, and so forth.

Drive array

The group of physical drives containing a logical volume.

Drive encryption key

Key generated by the Smart Array controller for each physical drive that contains at least one encrypted logical drive. The Drive Encryption Key for each physical drive is used to encrypt (wrap) the Volume Encryption Keys for all of the logical drives resident on that physical drive.

Drive key caching

In Remote mode, the Drive Encryption Keys are typically stored on the Remote Key Manager. However, it is possible to enable the controller to cache all of these Drive Encryption Keys necessary to decrypt attached logical drives within the controller-secured region. This option is available to the user through HP SSA.

Encrypted data

Data that has been encrypted through the use of an encryption key.

Glossary 72

Image 72

HP Secure Encryption manual Glossary

Contents

HP Secure Encryption Installation and User Guide Page Contents Support and other resources Overview About HP Secure Encryption Encryption features Benefits Feature Description Eskm Solution components HP Smart Storage AdministratorHP ProLiant servers HP Smart Array Controller HP SmartCacheHP iLO Minimum requirements HP Enterprise Secure Key Manager 3.1 and later HP Eskm and key management Licensing Encryption setup guidelines Recommended security settings at remote sitesEncrypted backups Planning Security domains Deployment scenariosRemote and local key management requirements Configuration Local key management modeConfiguring the controller local mode Configuration Remote Key Management Mode Configuring Remote Key Management Mode Configuring the HP Eskm Logging in to the HP EskmAdding a user Configuration Adding a group Assigning a user to a group Configuration Configuration Creating a Master Key Placing a key in a group Running a key query Configuration Assigning a key to a group Configuring HP iLO Connecting HP iLO to HP Eskm Configuration Configuring the controller remote mode Configuration Accessing Encryption Manager OperationsOpening Encryption Manager Logging into Encryption Manager Managing passwords Set or change the Crypto Officer password Set or change the password recovery question Set or change user account password Set or change the controller password Suspending the controller password Resuming the controller password Working with keys Changing the Master Encryption KeyRekeying the Drive Encryption Keys Creating a plaintext volume Rescanning keys Operations Operations Converting plaintext volumes into encrypted volumes Changing key management modes Enabling/disabling plaintext volumes Enabling/disabling the firmware lock Enabling/disabling local key cache Importing drive sets in Local Key Management Mode Importing drives with different Master Keys Operations Maintenance Controllers Drives Flashing firmwareReplacing a physical drive Encryption Manager Groups Locating groups associated with a driveQuery by drive serial number Maintenance Query by previous server name Maintenance Displaying log information Running queries Maintenance Maintenance Maintenance Troubleshooting Common issuesLost or forgotten Crypto Officer password Lost or forgotten controller password Local mode Remote modeLocating the key using the HP Eskm Lost or forgotten Master Key Locating the key using iLO Forgotten which Master key goes with which drive Logical drives remain offline Master key not exporting Testing the connection between HP iLO and the HP Eskm Potential errors encountered Error Description Action Clearing the encryption configuration Support and other resources Before you contact HPHP contact information Appendix Encryption algorithms Glossary ILO Local Master Encryption KeyMaster Encryption Key Plaintext Volume encryption key Remote Key Manager Documentation feedback Index Eskm Index