Remote key management mode, Configuring remote key management mode, Configuring the hp eskm 3.1 – HP Secure Encryption User Manual
Page 16
Configuration 16
o
Under Key Management Mode, select Local Key Management Mode.
4.
Click OK.
5.
If you have read and agree to the terms of the EULA, select the check box and click Accept.
6.
A summary screen appears indicating the controller has been successfully configured for encryption
use. Click Finish to continue.
7.
The Encryption Manager screen appears with updated Settings, Accounts and Utilities options.
IMPORTANT:
HP recommends setting up a password recovery question and answer after initial
configuration. If the Crypto Officer password is lost and a recovery question and answer have not
been set, you will need to erase and reconfigure all HP Secure Encryption settings in order to reset
the Crypto Officer password. For more information, see "Set or change the password recovery
)."
Remote Key Management Mode
IMPORTANT:
HP Enterprise Secure Key Manager 3.1 must already be installed and configured
to operate HP Secure Encryption in Remote Mode. For more information, see "Configuring the HP
)."
In Remote Key Management Mode, keys are imported and exported between the controller and the HP
ESKM 3.1 which provides a redundant, secure store with continuous access to the keys. To enable key
exchanges between the HP Smart Array Px3x controller and the HP ESKM 3.1, a network connection is
required both during pre-OS boot time and during OS operations. Because the controller does not have
direct network access capabilities, HP iLO provides the necessary network access to facilitate key exchanges
between the controller and the HP ESKM 3.1. HP iLO has both network presence and is constantly running
on AUX power regardless of the server state. The keys exchanged between HP iLO, HP ESKM 3.1, and the
controller are all secured.
Characteristics
•
High volume key storage
•
Keys are kept in separate storage from servers to protect against physical removal
•
Requires network availability and a remote key management system
Configuring Remote Key Management Mode
To configure HP Secure Encryption to operate in Remote mode:
1.
Configure the HP ESKM 3.1 ("
" on page
).
2.
Connect HP iLO to the HP ESKM 3.1 ("
Connecting HP iLO to HP ESKM 3.1
" on page
3.
Install HP SSA. For more information, see the HP Smart Storage Administrator User Guide.
4.
Configure the HP Smart Array Px3x controller ("
Configuring the controller (remote mode)
" on page
).
Configuring the HP ESKM 3.1
1.
Log in to the HP ESKM 3.1 ("
" on page
2.
Create initial user accounts ("
" on page
a.
Create a temporary user account for deployment.