Hp Secure Encryption Manual do Utilizador Página 1

HP Secure Encryption Installation and User Guide Abstract This document includes feature, installation, and configuration information about HP Smar

Overview 10 • For the BL460c: P230i • For connection to JBODs: P431 or P731m For more information about HP Smart Array Px3x controllers, see the a

Overview 11 The HP ESKM 3.1 keys and users can be organized into different groups depending on the policies set by an administrator. These groups de

Planning 12 Planning Encryption setup guidelines When setting up HP Secure Encryption, consider the information described in the following table. C

Planning 13 unencrypted when accessed from the host system and placed on tape. Software or hardware utilizing an independent encryption feature is n

Configuration 14 Configuration Local key management mode Local Key Management Mode, or Local Mode, is a solution designed for small to medium-size d

Configuration 15 2. Click Perform Initial Setup. The following screen appears. 3. Complete the following: o Under Create Crypto Officer Password

Configuration 16 o Under Key Management Mode, select Local Key Management Mode. 4. Click OK. 5. If you have read and agree to the terms of the E

Configuration 17 b. Create a user account to host Master Encryption Keys. 3. Create a group ("Adding a group" on page 19). 4. Assign th

Configuration 18 3. Click Local Users & Groups. 4. Under Local Users, click Add. The following fields appear. 5. Complete the following f

Configuration 19 d. If this is a standard user account, leave the User Administration Permission and Change Password Permission check boxes empty.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warrantie

Configuration 20 4. Under Local Groups, click Add. 5. Enter the group name in the Group entry field. 6. Click Save. Assigning a user to a grou

Configuration 21 3. Click Local Users & Groups. 4. Under Local Groups, select the group name and click Properties.

Configuration 22 A new window appears, listing the group properties. 5. Click Add. 6. Enter the Username in the field provided. 7. Click Sav

Configuration 23 Creating a Master Key The steps below outline how to create a key in the HP ESKM 3.1. The HP ESKM 3.1 does not differentiate betwee

Configuration 24 4. Under the section Create Key, complete the following: o Key Name: Enter the preferred key name. The name must consist only o

Configuration 25 3. From the left side panel, expand the Keys menu and click Query Keys.

Configuration 26 The following screen appears. 4. Under Create Query, complete the following: a. Query Name: Enter a query name here. Your query

Configuration 27 3. Select the key, and then click Properties. 4. A new Key and Policy Configuration screen appears. Click the Permissions tab.

Configuration 28 • The HP ESKM 3.1 must be configured with a deployment user. For more information, see "Configuring the HP ESKM 3.1 (on page

Configuration 29 3. The Enterprise Secure Key Manager configuration page appears. 4. Under Key Manager Servers, complete the following: a. Prima

Contents 3 Contents Overview ...

Configuration 30 6. Under Key Manager Configuration, enter the group name created previously in the HP ESKM 3.1 in the Group field. 7. Under ESKM

Configuration 31 3. Complete the following: o Under Create Crypto Officer Password, enter and re-enter the password in the fields provided. o Und

Operations 32 Operations Accessing Encryption Manager Opening Encryption Manager 1. Start HP SSA. For more information, see the HP Smart Storage Ad

Operations 33 2. Click Encryption Login. 3. A new window appears. Select an account to log in with and enter the password in the field provided.

Operations 34 4. A new window appears. Enter in the new password in the New Password fields. 5. Click OK. Set or change the password recovery q

Operations 35 IMPORTANT: If this is the first time setting the User password, you must be logged in as the Crypto Officer. The User account is

Operations 36 3. Under Settings, locate Controller Password. Click Set/Change Controller Password. 4. A new window appears. Enter and re-enter the

Operations 37 3. Under Settings, locate Controller Password. Click Suspend Controller Password. 4. A new window appears, asking if you want to sus

Operations 38 Working with keys Changing the Master Encryption Key IMPORTANT: HP recommends that you keep a record of the Master Encryption Keys

Operations 39 3. Under Settings, locate Encrypted Physical Drive Count. Click Drive Key Rekey. 4. A prompt appears, indicating new Drive Encryptio

Contents 4 Replacing a server while retaining the controller ... 49 Pre

Operations 40 2. Under Controller Devices, click on Unassigned Drives. 3. Select drives.

Operations 41 4. Click Create Array. A new window appears. 5. Complete the following fields: a. Create Plaintext Volume: Select Yes. b. My A

Operations 42 8. Array Details, Logical Drives, Physical Drives and Device Path specifications appear. Click Finish to complete. Converting plaint

Operations 43 5. Under Actions, click Convert Plaintext Data to Encrypted Data. A new window appears. 6. Select one of the following: a. To pre

Operations 44 3. Under Settings, locate Key Management Mode. Click Change. 4. A new window appears with the key management mode selected. Enter t

Operations 45 3. Under Settings, locate Allow New Plaintext Volumes. 4. Do one of the following: a. If encryption is disabled, click Allow Plain

Operations 46 5. A prompt appears, asking you to confirm the change. Click Yes to proceed. Enabling/disabling local key cache 1. Open HP Encrypti

Operations 47 b. Retry Interval in Minutes 6. Click OK. Importing drive sets in Local Key Management Mode When the Master Encryption Key on an i

Operations 48 10. A new screen appears. Enter the new Master Encryption Key name assigned to the drives being imported in the Master Key field. 11.

Maintenance 49 Maintenance Controllers Clearing the controller To clear all logical drives and arrays on controllers: 1. Start HP SSA. For more inf

Overview 5 Overview About HP Secure Encryption HP Secure Encryption is a controller-based, enterprise-class data encryption solution that protects d

Maintenance 50 Flashing firmware If the firmware lock function is enabled, the firmware lock on the controller must be unlocked before attempting to

Maintenance 51 Groups Locating groups associated with a drive Use one of the following methods to locate the group name associated with a drive. •

Maintenance 52 The Key Policy and Configuration screen appears. 4. If you want to save this query, enter a name in the Query Name field. 5. Und

Maintenance 53 Query by previous server name 1. Log in to the HP ESKM 3.1 ("Logging in to the HP ESKM 3.1" on page 17). 2. Click the Se

Maintenance 54 The Key Policy and Configuration screen appears. 4. If you want to save this query, enter a name in the Query Name field. 5. Und

Maintenance 55 8. Click the Permissions tab to view the group name. Displaying log information The event log displays events for all controllers

Maintenance 56 2. From the left side panel, expand the Administration menu. 3. Click Key Manager. The Enterprise Secure Key Manager Events appears

Maintenance 57 3. From the left side panel, expand the Keys menu and click Query Keys.

Maintenance 58 A new screen appears. 4. Under Create Query, complete the following: a. If you want to save the query for future use, fill in the

Maintenance 59 — Exportable — Deletable — Algorithm — Creation Date — Versioned Key — Custom attributes d. When you have finished structuring

Overview 6 Benefits Broad encryption coverage • Encrypts data on both the attached bulk storage and the cache memory of HP Smart Array Px3x control

Troubleshooting 60 Troubleshooting Common issues Lost or forgotten Crypto Officer password 1. Open Encryption Manager ("Opening Encryption Man

Troubleshooting 61 If the OS logical drive is encrypted, offline HP SSA will be required to perform the steps below. For more information, see the H

Troubleshooting 62 2. Click the Security tab. 3. From the left side panel, expand the Keys menu and click Keys. 4. The Key and Policy Configura

Troubleshooting 63 2. From the left side panel, expand the Administration menu. 3. Click Key Manager. The Enterprise Secure Key Manager Events app

Troubleshooting 64 2. Run a key query with the following search parameters ("Running queries" on page 56): a. Choose Keys Where drop down

Troubleshooting 65 Testing the connection between HP iLO and the HP ESKM 3.1 HP iLO connects and manages key exchanges between the controller and HP

Troubleshooting 66 The following screen appears. 3. Under Key Manager Configuration, click Test ESKM Connections: o If HP iLO is connected to th

Troubleshooting 67 Error Description Action Remote key manager communication failure Slot X Encryption Failure – Communication issue prevents dri

Troubleshooting 68 Error Description Action NVRAM failure Non-volatile storage corrupted. Critical Security Parameters erased per policy. Encrypte

Support and other resources 69 Support and other resources Before you contact HP Be sure to have the following information available before you call

Overview 7 Feature Description Notes Dynamic Encryption Enables smooth transitions between local and remote modes, the conversion of plaintext dat

Appendix 70 Appendix Encryption algorithms In keeping with the encryption standards outlined in FIPS 140-2 (http://csrc.nist.gov/groups/STM/cmvp/doc

Glossary 71 Glossary ACU Array Configuration Utility Controller key A key created by the controller and permanently saved to the Remote Key Manager

Glossary 72 ESKM Enterprise Secure Key Manager FIPS Federal Information Processing Standard HIPAA Health Insurance Portability and Accountability

Glossary 73 Remote Key Manager A server used to store, backup and retrieve keys for a group of controllers in a data center. Volume encryption key

Documentation feedback 74 Documentation feedback HP is committed to providing documentation that meets your needs. To help us improve the documentat

Index 75 A access 32 algorithms, supported 70 Array Configuration Utility (ACU) 9 B backing up data 12 before you contact HP 69 benefits

Index 76 license, iLO 11 Local Key Management Mode 14, 43, 61 log information, displaying 55 logging in 17, 32 logical drive 64 logical dr

Overview 8 Feature Description Notes Key rotation support Supports the rekeying of all keys utilized by the controller to enable a robust key rota

Overview 9 Component Model ML • ML350e V2 • ML350p Rack • DL360e/p • DL380e/p • DL385p • DL560 • DL580 SL • SL270s • SL210 For more infor