Using Enterprise Secure Key Manager with iLO
iLO 5 supports Enterprise Secure Key Manager (ESKM) 3.1 and later, which can be used in conjunction
with HPE Smart Array Secure Encryption.
ESKM 5.0 or later is required when the FIPS security state is enabled.
ESKM is not supported when the SuiteB security state is enabled.
• HPE Smart Array Secure Encryption supports HPE Smart Array controllers and provides data-at-rest
encryption for direct-attached HDD or SSD storage connected to Hewlett Packard Enterprise servers.
It provides an integrated solution to encrypting HDD or SSD volumes by using 256-bit XTS-AES
algorithms.
• ESKM generates, stores, serves, controls, and audits access to data encryption keys. It enables you
to protect and preserve access to business-critical, sensitive, data-at-rest encryption keys.
• iLO manages the key exchange between the ESKM and the Smart Array controller. iLO uses a unique
user account based on its own MAC address for communicating with the ESKM. For the initial creation
of this account, iLO uses a deployment user account that pre-exists on the ESKM with administrator
privileges. For more information about the deployment user account, see the HPE Smart Array Secure
Encryption installation and user guide.
For information about HPE Smart Array Secure Encryption and ESKM, see the HPE Smart Array Secure
Encryption installation and user guide.
Configuring key manager servers
Prerequisites
• Configure iLO Settings privilege
• An iLO license that supports this feature is installed.
Procedure
1. Click Administration in the navigation tree, and then click the Key Manager tab.
2. Enter the following information:
   • Primary Key Server: The primary key server hostname, IP address, or FQDN and port. This string can be up to 79 characters long.
   • Secondary Key Server: The secondary key server hostname, IP address, or FQDN and port. This string can be up to 79 characters long.
3. Optional: For configurations with a primary and secondary key server, enable the Require Redundancy option to check for server redundancy.
   Hewlett Packard Enterprise recommends enabling this option. When this option is disabled, iLO will not verify that encryption keys are copied to both of the configured key servers.
4. Click Apply.