beautypg.com

Solution components, Hp proliant gen8 servers – HP Secure Encryption User Manual

Page 8

background image

Overview 8

Feature

Description

Notes

Key rotation support

Supports the rekeying of all keys utilized

by the controller to enable a robust key
rotation strategy

Local Key Management Mode Focused on single server deployments

where there is one Master Encryption Key

per controller that is managed by the user.

In Local Mode, all volumes still have their
own unique key for data encryption. The

Master Key is stored manually by the end

user and cannot be recovered by HP.

For more information, see "Local Key
Management Mode (on page

14

)."

One-way encryption

As a security feature, data volumes

cannot be converted back to plaintext
after the volume is encrypted. Restoration

of data is required to revert back to

plaintext.

Pre-deployment support

Supports the ability to preconfigure all
cryptographic security settings while in a

server, then store the powered-off

controller for later use while retaining the

settings securely.

Remote Key Management
Mode

Designed for enterprise-wide
deployments with the HP Smart Array

Px3x controller. It requires the HP

Enterprise Secure Key Manager 3.1 to
manage all keys related to encryption

deployments. All keys are managed

automatically between the HP Smart

Array Px3x controller, HP iLO and the
HP ESKM 3.1.

For more information, see "Remote
Key Management Mode (on page

16

)."

Security reset function

The feature clears all secrets, keys, and

passwords from the controller, and places

the controller's encryption configuration
in a factory new state.

For more information, see "Clearing

the encryption configuration (on

page

68

)."

Two encryption roles

HP Secure Encryption supports two roles
for managing encryption services: a

Crypto Officer role and a User role.

Volume level encryption

Provides flexibility in allowing the user to

selectively encrypt at the volume or logical

drive level regardless of RAID level.

Solution components

HP ProLiant Gen8 servers

The following HP ProLiant Gen8 server components are compatible with HP Secure Encryption:

Component

Model

Blades

BL420c

BL460c

BL465c

BL660c

See also other documents in the category HP Software: