Overview, About hp secure encryption – HP Secure Encryption User Manual
Page 5
Overview 5
Overview
About HP Secure Encryption
HP Secure Encryption is a controller-based, enterprise-class data encryption solution that protects data at rest
on bulk storage HDDs and SSDs attached to an HP Smart Array Px3x controller. The solution is compatible
with HP key manager products and can operate with or without the presence of a key manager in the
environment, depending on individual customer settings.
HP Secure Encryption provides encryption for data at rest as an important component for complying with
data privacy requirements found in government regulations like HIPAA and Sarbanes-Oxley. HP Secure
Encryption secures any data deemed sensitive and requiring extra levels of protection through the
application of XTS-AES 256-bit data encryption. Many companies under government regulations require that
sensitive privacy data must be secured and uncompromised using NIST-approved algorithms and
methodologies for key management. As a result, HP has applied for FIPS-140-2 Level 2 validation for
controllers supporting encryption. For more information, see the Implementation Guidance for FIPS PUB
140-2 and the Cryptographic Module Validation Program on the National Institute of Standards and
Technology website
.
The core components for HP Secure Encryption are the following:
•
An HP ProLiant Gen8 server. For more information, see "HP ProLiant Gen8 servers (on page
)".
•
HP Smart Array Px3x controller. For a list of currently supported controllers, see "HP Smart Array
Controller (on page
)."
•
HP Secure Encryption license, per drive
•
HP Smart Storage Administrator, version 1.50 or later
•
Compatible SAS/SATA HDD and SSD drive
•
Compatible storage enclosure
HP Secure Encryption can operate in Remote Key Management Mode, or Remote Mode, through the use of
a separate, clustered, appliance-based server call the HP Enterprise Secure Key Manager 3.1. The HP ESKM
3.1 manages all encryption keys throughout the data center. When utilizing the HP ESKM 3.1, the
communication path between the HP ESKM 3.1 and the HP Smart Array Px3x controller is established
through the HP iLO interface. The controller communicates with the HP ESKM 3.1 as new keys are generated
and as old keys are retired. The HP ESKM 3.1 acts as a key vault where all keys are managed via a web
browser interface. For more information about the HP ESKM 3.1, see "HP Enterprise Secure Key Manager
)." For more information about HP iLO connectivity, see "HP iLO (on page
)."
The additional components required for operating HP Secure Encryption in Remote Mode are the following:
•
Integrated Lights Out (iLO) Advanced or Scale Out Edition license, per ProLiant Gen8 server
•
HP Enterprise Secure Key Manager 3.1
HP Secure Encryption can also operate without an attached key management solution through Local Key
Management Mode, or Local Mode.