HP Enterprise Secure Key Manager

When sensitive data at rest is encrypted, the threats of audit failures, financial losses, and damage to your organization's reputation are significantly reduced. However, whenever encryption is used to protect data at rest, a strong key management system is essential to control and preserve the underlying cryptographic keys over the life of the data. If keys are compromised, data is compromised. If keys are lost, data is lost, and business operations are impacted. Additionally, if you can't prove that your data and keys are protected, you'll fail an audit. Reduce the cost and complexity of managing encryption keys across a distributed infrastructure with consistent security controls, automated key services, and a single point of management. The HP Enterprise Secure Key Manager (HP ESKM) reduces your risk of costly data breaches and reputation damage, and eases compliance with industry regulations by requiring authorized access to your business-critical cryptographic keys.

  • Supports a broad range of HP encryption solutions
  • Supports hundreds of clients, millions of keys
  • Automatic clustering, key replication and failover
  • Strategic platform for industry-standard support
  • FIPS 140-2 Level 2 independent security validation



  • Management
    • Remote configuration and management — available through a secure Web-based graphical user interface (GUI) and a command-line interface (CLI)
    • Management security — provided through SSL communications, password-based authentication, fine-grained identity-based administrator privileges, audit logging, and multiple credentials for critical actions
    • Logging and monitoring — supports logging of all events, external Syslog/SIEM servers, SNMP v1/2/3 traps, and FIPS/Healthcheck status servers

Resiliency and high availability

  • Multiple recovery layers deliver near continuous access to encryption keys
    • Reliable hardware and software — >1 million unit-hours of operation with no failures or loss of access to customer data
    • Internal redundant components — mirrored disks, redundant fans, dual power supplies, dual AC power, and dual networks provide uptime
    • Clustering — distributed high-availability ESKM clusters and automatic replication of all keys and configurations support client access and failover to any node
  • Comprehensive backup and restore capabilities
    • Backup to internal disk, external storage, or removable media for offsite storage — Keys, users, and configurations can be safely and securely backed up as needed or on a regular schedule. ESKM backups are encrypted files and may not be read or restored outside the ESKM.
    • Restore supports selected or full ESKM recovery from previous backups — Keys, users, and configuration may be recovered to existing or new ESKM hardware for full disaster recovery.


  • HTTPS management — provides secure Web management
  • Secure Shell (SSHv2) — encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks
  • Complete security solution
    • Preconfigured secure server — All ESKM software is preinstalled in a secure facility, and signed and verified at boot time, with no root access; unused ports/services are disabled.
    • High security settings — ESKM can be operated in FIPS mode using SSL and strong mutual client/server authentication.
    • Keys always protected — Keys are encrypted in transit to clients, at rest on disk, and in ESKM backup files.
    • Local certificate authority — Sign client certs; no external CAs needed.


  • ESKM supports a full range of HP/partner encryption solutions
    • StorageWorks ESL and EML LTO-4/5 tape libraries — protect sensitive data on tape media and deliver long-term access
    • StorageWorks B-Series Encryption Switch and Blades — SAN encryption for large storage networks
    • NonStop Volume Level Encryption (VLE) for disk and LTO-4/5 tape — data-at-rest encryption for mission-critical NonStop customer environments
    • HP partner encryption solutions — integrated via the ESKM Client Software Developer Kit (SDK)

Policy management

  • Automate security controls for sensitive data
    • Unified key management — Converged administration for encryption policy and key controls, spanning multiple encryption solutions.
    • Automate and enforce controls — Strong authentication and access controls to encryption keys; keys are available only to authorized clients or key-sharing groups.
    • Strong logging and auditability — Digitally signed logs record all administrator actions, system events, and client access.

Ease of use

  • Easy to use — GUI-driven central management and configuration


  • Enterprise scalability
    • Distributed clustering — ESKM clusters scale from 2 to 8 nodes for shared services in large enterprises spanning multiple data centers and geographies.
    • Hundreds of clients — Flexible client licensing; no fixed limit on the number, type, or location of clients enrolled with an ESKM cluster.
    • Millions of keys — Support for key rotation and fine-grained data protection policies using key-per-tape and key-per-disk models. Up to 4 KB in client-defined metadata may be included per key.
