HP ESKM 3.1 and key management, Licensing – HP Secure Encryption User Manual
The HP ESKM 3.1 keys and users can be organized into different groups depending on the policies set by an
administrator. These groups determine whether a particular user can retrieve a particular key, and support
both key sharing and separation for multi-tenant and hosted service provider environments.
Characteristics
• Used only in Remote Mode, requiring a network connection
• Supports high-availability clustering of 1-8 HP ESKM 3.1 nodes for automatic replication and failover
• Provides key services to HP iLO clients using username and password, certificate authentication, or both
• Communicates using SSL encryption to ensure the security of the connection and authorized access to keys
• Provides reliable, secure access to business-critical encryption keys
• Supports audit and compliance requirements, including PCI-DSS and HIPAA/HITECH
• Provides scalability for multiple data centers, thousands of clients, and millions of keys
• Uses a FIPS-140-2 Level 2 validated secure appliance which supports the latest NIST cryptographic guidance
HP ESKM 3.1 and key management
The HP Smart Array Px3x controller manages keys by separating them into the following categories:
• Keys stored off-controller on the HP ESKM 3.1
• Keys stored on the drive media
• Keys stored on the controller
The separation of keys helps ensure the safety of the data residing on the drives, the portability of the drives,
and the ability to manage keys in a centralized manner. The controller uses the HP ESKM 3.1 to back up a
segment of its keys using an encryption method that protects the keys from exposure in plaintext.
Licensing
HP Secure Encryption licensing is based on the number of physical drives requiring encryption. You will need
one HP Secure Encryption license per drive.
To operate HP Secure Encryption in Local Key Management Mode, you will need the following HP Secure
Encryption license:
• Global, except China: HP Secure Encryption E-LTU 24x7 Supp Lic D8S85AAE
• China only: HP Secure Encryption 1 Svr 24x7 Supp Lic D8S84A
Remote Key Management Mode requires the following additional licenses:
• Integrated Lights Out (iLO), Advanced or Scale Out edition
• One HP Enterprise Secure Key Manager 3.1 Client License per HP ProLiant Gen8 server