Planning, Encryption setup guidelines, Recommended security settings at remote sites – HP Secure Encryption User Manual

Planning

Encryption setup guidelines

When setting up HP Secure Encryption, consider the information described in the following table.

Configuration: Encryption mode
  Options: Local Key Management Mode; Remote Key Management Mode
  Deciding factors:
    Choose Local Key Management Mode when:
      - Data is stored at a site without network access.
      - In a small deployment center or lab.
      - Manual key management is available.
    Choose Remote Key Management Mode when:
      - Using a large number of servers.
      - A network is available between the HP ESKM 3.1 and a server.
      - Automatic key management is preferred, including backups and redundancy configurations.

Configuration: Plaintext volumes
  Options: Allow; Disallow (default)
  Deciding factors:
    Allow future plaintext logical drives when:
      - Drive migration might occur to a non-encrypting controller.
      - Data is not privacy-sensitive.
    For more information, see "Enabling/disabling plaintext volumes" (on page 44).

Configuration: Key naming conventions
  Options: Master Encryption Keys are customizable.
  Deciding factors: Create a specific naming convention when managing multiple keys and multiple servers.

Recommended security settings at remote sites

For added security, HP recommends the following configuration when operating HP Secure Encryption at remote sites outside the main data center.

- Firmware lock enabled ("Enabling/disabling the firmware lock" on page 45)
- Controller password enabled ("Set or change the controller password" on page 35)
- Plaintext volumes disabled ("Enabling/disabling plaintext volumes" on page 44)
- Local Key Cache disabled ("Enabling/disabling local key cache" on page 46); applies to Remote Key Management Mode only
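The remote-site checklist above lends itself to an automated audit. The following is an added example, not HP's own tooling: it assumes a hypothetical settings record (the field names are ours) and reports every deviation from the recommendation, applying the Local Key Cache rule only in Remote Key Management Mode as the manual states.

```python
"""Audit HP Secure Encryption settings against the remote-site recommendations.

Added example with a constructed data model; it does not read a real controller.
"""
from dataclasses import dataclass

LOCAL_MODE = "Local Key Management Mode"
REMOTE_MODE = "Remote Key Management Mode"


@dataclass
class EncryptionSettings:
    # Hypothetical field names; a real controller exposes these through HP's tools.
    key_management_mode: str
    firmware_lock_enabled: bool
    controller_password_set: bool
    plaintext_volumes_allowed: bool   # manual default is Disallow
    local_key_cache_enabled: bool     # only relevant in Remote Key Management Mode


def audit_remote_site(s: EncryptionSettings) -> list[str]:
    """Return one finding per setting that deviates from the remote-site guidance."""
    findings = []
    if not s.firmware_lock_enabled:
        findings.append("firmware lock disabled (see 'Enabling/disabling the firmware lock', page 45)")
    if not s.controller_password_set:
        findings.append("controller password not set (see 'Set or change the controller password', page 35)")
    if s.plaintext_volumes_allowed:
        findings.append("plaintext volumes allowed (see 'Enabling/disabling plaintext volumes', page 44)")
    # The Local Key Cache recommendation applies to Remote Key Management Mode only.
    if s.key_management_mode == REMOTE_MODE and s.local_key_cache_enabled:
        findings.append("local key cache enabled in remote mode (see 'Enabling/disabling local key cache', page 46)")
    return findings


if __name__ == "__main__":
    # Constructed sample: a remote-mode controller still carrying the factory-style settings.
    sample = EncryptionSettings(REMOTE_MODE, False, False, True, True)
    for finding in audit_remote_site(sample):
        print("FINDING:", finding)
```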

Encrypted backups

At system startup, all encrypted data-at-rest becomes accessible to the host system in unencrypted form via the controller and the appropriate keys. This method of startup allows the system to boot into an operating system installed on an encrypted volume. As a result, encrypted backups are not available, and all data appears