User's Manual

ManualsBrandsHP ManualsSoftwareSecure Encryption

1

2

3

4

5

6

7

8

9

Overview 8

Feature Description Notes

Integrated Lights Out (iLO)

HP iLO Management is a comprehensive

set of embedded management features

supporting the complete lifecycle of the

server, from initial deployment, through

ongoing management, to service alerting

and remote support. HP iLO is provided

on all HP ProLiant Gen8 and later servers.

HP iLO 4 Advanced or Scale Out editions

v1.40 or later connect and auto-register

with the HP ESKM. HP iLO provides key

exchange support between the HP Smart

Array Controller and the HP ESKM to

enable pre-boot support for OS disk

encryption. Audit support is provided for

all key management transactions.

Remote Mode only. For more

information, see "HP iLO (on page

10)."

Instant volume erase

Provides ability to instantly,

cryptographically erase logical volumes

without having to delete the volume first

—

Key rotation support

Supports the rekeying of all keys utilized

by the controller to enable a robust key

rotation strategy

—

Local Key Management Mode

Focused on single server deployments

where there is one Master Encryption Key

per controller that is managed by the user.

In Local Mode, all volumes still have their

own unique key for data encryption.

For more information, see "Local Key

Management Mode (on page 15)."

One-way encryption

As a security feature, data volumes

cannot be converted back to plaintext

after the volume is encrypted. Restoration

of data is required to revert back to

plaintext.

—

Pre-deployment support

Supports the ability to preconfigure all

cryptographic security settings while in a

server, then store the powered-off

controller for later use while retaining the

settings securely.

—

Remote Key Management

Mode

Designed for enterprise-wide

deployments with the HP Smart Array

Controller. It requires the HP Enterprise

Secure Key Manager 3.1 and later to

manage all keys related to encryption

deployments. All keys are managed

automatically between the HP Smart

Array Controller, HP iLO and the HP

ESKM.

For more information, see "Remote

Key Management Mode (on page

17)."

Security reset function

The feature clears all secrets, keys, and

passwords from the controller, and places

the controller's encryption configuration

in a factory new state.

For more information, see "Clearing

the encryption configuration (on

page 69)."

Two encryption roles

HP Secure Encryption supports two roles

for managing encryption services: a

Crypto Officer role and a User role.

—