Manualshelf

User's Manual

ManualsBrandsHP ManualsSoftwareSecure Encryption
11121314151617181920
Overview 11
management database, key management, encryption activation, and audit support for the devices within the
platform.
For the full implementation of HP Secure Encryption with the HP ESKM, HP iLO Advanced or HP iLO Scale
Out editions are required to connect and auto-register with the HP ESKM. HP iLO provides key exchange
support between the HP Smart Array Controller and the HP ESKM to enable pre-boot support for OS disk
encryption. Audit support is provided for all for key management transactions.
For more information about HP iLO, see the HP website (http://www.hp.com/go/ilo).
HP Enterprise Secure Key Manager 3.1 and later
HP Enterprise Secure Key Manager 3.1 and later acts as a secure, reliable repository for keys used by HP
Secure Encryption. In Remote Key Management Mode, HP iLO connects to the HP ESKM using
username/password and digital certificate authentication to securely store and retrieve keys. Each HP iLO
must be registered as an HP ESKM user by an administrator, or Crypto Officer, of the HP ESKM for access
to be granted. If a user is registered and has the necessary permissions, the HP ESKM accepts requests and
provides keys to the client. As standard practice, communication with the HP ESKM is configured for SSL to
ensure the security of the connection and authorized access to keys.
The HP ESKM keys and users can be organized into different groups depending on the policies set by an
administrator. These groups determine whether a particular user can retrieve a particular key, and supports
both key sharing and separation for multi-tenant and hosted service provider environments.
Characteristics
Used only in Remote Mode, requiring a network connection
Supports high-availability clustering of 2-8 HP ESKM nodes for automatic replication and failover
Provides key services to HP iLO clients using username and password, certificate authentication, or both
Communicates using SSL encryption to ensure the security of the connection and authorized access to
keys
Provides reliable, secure access to business-critical encryption keys
Supports audit and compliance requirements, including PCI-DSS and HIPAA/HITECH
Provides scalability for multiple data centers, thousands of clients, and millions of keys
Uses a FIPS-140-2 Level 2 validated secure appliance which supports the latest NIST cryptographic
guidance
HP ESKM and key management
The HP Smart Array Controller manages keys by separating them into the following categories:
Keys stored off-controller on the HP ESKM
Keys stored on the drive media
Keys stored on the controller
The separation of keys helps ensure the safety of the data residing on the drives, the portability of the drives,
and the ability to manage keys in a centralized manner. The controller uses the HP ESKM to back up a
segment of its keys using an encryption method that protects the keys from exposure in plaintext.