Manualshelf

User's Manual

ManualsBrandsHP ManualsSoftwareSecure Encryption
11121314151617181920
Configuration 17
o
Under Key Management Mode, select Local Key Management Mode.
4. Click OK.
5. A warning appears, prompting the user to record the Master Key. Click Yes to continue.
6. If you have read and agree to the terms of the EULA, select the check box and click Accept.
7. A summary screen appears indicating the controller has been successfully configured for encryption
use. Click Finish to continue.
8. The Encryption Manager screen appears with updated Settings, Accounts and Utilities options.
IMPORTANT: HP recommends setting up a password recovery question and answer after initial
configuration. If the Crypto Officer password is lost and a recovery question and answer have not
been set, you will need to erase and reconfigure all HP Secure Encryption settings in order to reset
the Crypto Officer password. For more information, see "Set or change the password recovery
question (on page 35)."
Remote Key Management Mode
IMPORTANT: HP Enterprise Secure Key Manager 3.1 and later must already be installed and
configured to operate HP Secure Encryption in Remote Mode. For more information, see
"Configuring the HP ESKM 3.1 ("Configuring the HP ESKM" on page 18)."
In Remote Key Management Mode, keys are imported and exported between the controller and the HP
ESKM, which provides a redundant, secure store with continuous access to the keys. To enable key
exchanges between the HP Smart Array Controller and the HP ESKM, a network connection is required both
during pre-OS boot time and during OS operations. Because the controller does not have direct network
access capabilities, HP iLO provides the necessary network access to facilitate key exchanges between the
controller and the HP ESKM. HP iLO has both network presence and is constantly running on AUX power
regardless of the server state. The keys exchanged between HP iLO, HP ESKM, and the controller are all
secured.
Characteristics
High volume key storage
Keys are kept in separate storage from servers to protect against physical removal
Requires network availability and a remote key management system
Configuring Remote Key Management Mode
IMPORTANT: HP Secure Encryption and other HP encryption client products must be
coordinated for a successful installation and configuration. It is recommended to refer to each
product's user guide to ensure proper installation and encryption protection.
To configure HP Secure Encryption to operate in Remote mode:
1. Configure the HP ESKM ("Configuring the HP ESKM" on page 18). For more information about
installation, configuration and operation of the HP ESKM, see the HP Enterprise Secure Key Manager
User Guide and the HP Installation and Replacement Guide.
2. Connect HP iLO to the HP ESKM ("Connecting HP iLO to HP ESKM" on page 29).
3. Install HP SSA. For more information, see the HP Smart Storage Administrator User Guide.