HP StorageWorks Secure Key Manager

HP Updated: 2008-02-26

The HP StorageWorks Secure Key Manager reduces your risk of a costly data breach and reputation damage while improving regulatory compliance with a secure centralized encryption key management solution for HP LTO4 enterprise tape libraries. The Secure Key Manager automates key generation and management based on security policies for multiple libraries. This occurs transparently to ISV backup applications. The Secure Key Manager is a hardened server appliance delivering secure identity-based access, administration and logging with strong auditable security designed to meet the rigorous FIPS 140-2 security standards. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication, high availability clustering and failover capabilities.

The HP StorageWorks Secure Key Manager provides centralized key management for HP StorageWorks Enterprise Storage Libraries (ESL) E-Series Tape Libraries and HP StorageWorks Enterprise Modular Library (EML) E-Series Tape Libraries. In addition to the clustering capability, the Secure Key Manager provides comprehensive backup and restore functionality for keys, as well as redundant device components and active alerts. The Secure Key Manager supports policy granularity ranging from a key per library partition to a key per tape cartridge, while featuring an open extensible architecture for emerging standards and allowing additional client types that need key management services in the future. These clients may include other storage devices, switches, operating systems and applications. Keep your confidential data secure yet highly available with an automated single point of management for your encryption keys using the HP Secure Key Manager, a member of the “HP Secure Advantage” portfolio.

Features & benefits

Reduce risk of a data breach: Mitigate your risk of data exposure. Keep your tape-encrypted data private and protect your company reputation with HP Secure Key Manager while improving regulatory compliance and avoiding the financial consequences of a breach. Avoid situations requiring disclosure of unauthorized access to unencrypted private information.

Centralized with automatic policy-based key generation: HP Secure Key Manager reduces the complexity of managing encryption keys across a distributed infrastructure with a single point of management. Independent of tape drive count, multiple ESL/EML LTO4 tape libraries are supported per node, further boosting investment protection. Only network connectivity is required.

Transparent to ISV applications: Minimize impact to existing backup and recovery processes. Key management and data encryption occur transparently to the backup application. The data can be decrypted on an HP Secure Key Manager library client that has permission to access the key. Check the EBS matrix for ISV support of the LTO-4 drive.

Extensible to emerging open standards: The HP Secure Key Manager architecture and plans support future encryption clients beyond HP ESL and EML Tape Libraries. It is the platform HP is using to build infrastructure-wide centralized key management for information protection across the enterprise.

Hardened server appliance: The HP Secure Key Manager features a closed Linux kernel, dual locking bezel with durable pick-resistant locks and tamper-evident enclosure seals to provide platform security substantially beyond a general purpose server key repository.

Secure identity-based access, administration and digitally signed logs: The HP Secure Key Manager also provides a trusted infrastructure for enforcement of internal security policies/controls and a trusted audit trail of encryption and key management activities as evidence for compliance and audit verifications.

Designed for FIPS 140-2 security standards validation: The HP Secure Key Manager is appropriate for stringent cryptographic installations and supports AES-256 key generation. FIPS 140-2 Level 2 validation is pending. The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard used to validate cryptographic modules.

Automatic multi-site key replication and failover: High availability and reliability are paramount because keys must be retained for the life of the data, which may be for decades. The HP Secure Key Manager delivers high availability of archived keys for same or multi-site coverage. Key replication and failover occur automatically in a clustered configuration.

Comprehensive backup and restore functionality for keys: For more availability options, the HP Secure Key Manager can automatically generate additional copies of the keys, policies, certificates and configuration even in a clustered installation.

Redundant device components and active alerts: For improved overall reliability the HP Secure Key Manager has redundant dual fans, power supplies and disk drives (RAID 1 mirroring) along with active alerts and health checks to maximize uptime.