HP Secure Encryption User Manual

Overview 7

Feature

Description

Notes

Dynamic Encryption

Enables smooth transitions between local

and remote modes, the conversion of
plaintext data to encrypted data, and

rekey services for both data and key

wraps.

—

Encryption keys

Data is protected using a series of keys

that provide layered protection at the
volume and drive levels. The solution

utilizes XTS-AES 256-bit encryption.

—

Firmware lock

Prevents controller firmware from being

updated unintentionally or by

unauthorized personnel.

For more information, see

"Enabling/disabling the firmware

lock (on page

45

)."

Hardware-based encryption Utilizes the HP Smart Array Px3x

controller hardware to accelerate all

cryptographic algorithms when securing
data and keys.

For more information about Smart

Array controllers, see the HP website

(

http://www.hp.com/products/sma

rtarray

).

HP Enterprise Secure Key

Manager 3.1

The HP ESKM 3.1 or later unifies and

automates an organization’s encryption

controls by securely creating, protecting,
serving, controlling, and auditing access

to encryption keys.

Remote Mode only. For more

information, see "HP Enterprise

Secure Key Manager 3.1 (on page

10

)."

HP ESKM 3.1 key search

Individual Drive Encryption Keys are

visible by serial number identification on

the HP ESKM 3.1 to enable unique
tracking and management from a central

location. The HP ESKM 3.1 supports

query by serial number, server name, bay
number, PCI slot, and date.

Remote Mode only. For more

information, see "Running queries

(on page

56

)."

HP Smart Storage
Administrator

HP Smart Storage Administrator
v1.60.xx.0 and later provides the

configuration and management of the

cryptographic features of HP Secure
Encryption associated with HP Smart

Array Px3x controllers.

For more information, see "HP Smart
Storage Administrator (on page

9

)."

Integrated Lights Out (iLO)

HP iLO Management is a comprehensive

set of embedded management features

supporting the complete lifecycle of the
server, from initial deployment, through

ongoing management, to service alerting

and remote support. HP iLO comes
standard on all HP ProLiant Gen8 servers.

HP iLO 4 Advanced or Scale Out editions

v1.40 or later connect and auto-register
with the HP ESKM 3.1. HP iLO provides

key exchange support between the HP

Smart Array Px3x controller and the HP
ESKM 3.1 to enable pre-boot support for

OS disk encryption. Audit support is

provided for all key management
transactions.

Remote Mode only. For more

information, see "HP iLO (on page

10

)."

Instant volume erase

Provides ability to instantly,
cryptographically erase logical drives

without having to delete first.

—