HP 1606 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 29
Key management systems, Master key management, Master key generation, Master key backup
View all HP 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 29 highlights
Key management systems 1 Key management systems Key management systems are available from several vendors. This release supports the following leading key management systems: • The NetApp LIfetime Key Manager (LKM) version 4.0 or later. • The RSA Key Manager (RKM) version 2.1.3 or later, available through EMC. • The HP Secure Key Manager (SKM) version 1.1 or later, available through Hewlett Packard. • The Thales Encryption Manager for Storage (TEMS). Master key management Communications with opaque key vaults are encrypted using a master key that is created by the encryption engine on the encryption switch. Currently, this includes the key vaults of all supported key management systems except NetApp LKM. Master key generation A master key must be generated by the group leader encryption engine. The master key can be generated once by the group leader, and propagated to the other members of an encryption group. Master key backup It is essential to back up the master key immediately after it is generated. The master key may be backed up to any of the following, • To a file as an encrypted key. • To the key management system as an encrypted key record. • To a set of recovery smart cards. This option is only available if the switch is managed by the Data Center Fabric Manager (DFCM), and if a card reader is available for attachment to the DCFM workstation. The use of smart cards provides the highest level of security. When smart cards are used, the key is split and written on up to five cards, and the cards may be kept and stored by up to five individuals, and all are needed to restore the master key. Fabric OS Encryption Administrator's Guide 11 53-1001864-01