HP Enterprise Secure Key Manager

When sensitive data at rest is encrypted, the threats of audit failures, financial losses, and damage to your organization's reputation are significantly reduced. However, whenever encryption is used to protect data at rest, a strong key management system is essential to control and preserve the underlying cryptographic keys over the life of the data. If keys are compromised, data is compromised. If keys are lost, data is lost, and business operations are impacted. Additionally, if you can't prove that your data and keys are protected, you'll fail an audit. Reduce the cost and complexity of managing encryption keys across a distributed infrastructure with consistent security controls, automated key services, and a single point of management. The HP Enterprise Secure Key Manager (HP ESKM) reduces your risk of costly data breaches and reputation damage, and eases compliance with industry regulations by requiring authorized access to your business-critical cryptographic keys.

Supports a broad range of HP encryption solutions
Supports hundreds of clients, millions of keys
Automatic clustering, key replication and failover
Strategic platform for industry-standard support
FIPS 140-2 Level 2 independent security validation

Features
Services & Suport
Model Specs
Data Sheets

Management

Management—
- Remote configuration and management — is available through a secure Web-based graphical user interface (GUI) and a command-line interface (CLI)
- Management security — is provided with SSL communications, password-based authentication, fine-grained identity-based administrator privileges, audit logging, and multiple credentials for critical actions
- Logging and monitoring — supports logging of all events, external Syslog/SIEM servers, SNMP v1/2/3 traps, and FIPS/Healthcheck status servers

Resiliency and high availability

Multiple recovery layers deliver near continuous access to encryption keys—
- Reliable hardware and software — >1 million unit-hours of operation with no failures or loss of access to customer data
- Internal redundant components — mirrored disks, redundant fans, dual power supplies, dual AC power, and dual networks provide uptime
- Clustering — distributed high-availability ESKM clusters and automatic replication of all keys and configurations support client access and failover to any node
Comprehensive backup and restore capabilities—
- Backup to internal disk, external storage, or removable media for offsite storage — Keys, users, and configurations can be safely and securely backed up as needed or on a regular schedule. ESKM backups are encrypted files and may not be read or restored outside the ESKM.
- Restore supports selected or full ESKM recovery from previous backups — Keys, users, and configuration may be recovered to existing or new ESKM hardware for full disaster recovery.

Security

HTTPS management — provides secure Web management
Secure Shell (SSHv2) — encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks
Complete security solution—
- Preconfigured secure server — All ESKM software is preinstalled in a secure facility, and signed and verified at boot time, with no root access; unused ports/services are disabled.
- High security settings — ESKM can be operated in FIPS mode using SSL and strong mutual client/server authentication.
- Keys always protected — Keys are encrypted in transit to clients, at rest on disk, and in ESKM backup files.
- Local certificate authority — Sign client certs; no external CAs needed.

Integration

ESKM supports a full range of HP/partner encryption solutions—
- StorageWorks ESL and EML LTO-4/5 tape libraries — protect sensitive data on tape media and deliver long-term access
- StorageWorks B-Series Encryption Switch and Blades — SAN encryption for large storage networks
- NonStop Volume Level Encryption (VLE) for disk and LTO-4/5 tape — data-at-rest encryption for mission-critical NonStop customer environments
- HP partner encryption solutions — integrated via the ESKM Client Software Developer Kit (SDK)

Policy management

Automate security controls for sensitive data—
- Unified key management — Converged administration for encryption policy and key controls, spanning multiple encryption solutions.
- Automate and enforce controls — Strong authentication and access controls to encryption keys; keys are available only to authorized clients or key-sharing groups.
- Strong logging and auditability — Digitally signed logs record all administrator actions, system events, and client access.

Ease of use

Easy to use — GUI-driven central management and configuration

Scalability

Enterprise scalability—
- Distributed clustering — ESKM clusters scale from 2 to 8 nodes for shared services in large enterprises spanning multiple data centers and geographies.
- Hundreds of clients — Flexible client licensing; no fixed limit on the number, type, or location of clients enrolled with an ESKM cluster.
- Millions of keys — Support for key rotation and fine-grained data protection policies using key-per-tape and key-per-disk models. Up to 4 KB in client-defined metadata may be included per key.

HP Care Packs for HP Networking

HP Enterprise Secure Key Manager

3-year, 4-hour onsite, 13x5 coverage for hardware (HA103A3#Q0P)
3-year, 4-hour onsite, 24x7 coverage for hardware (HA104A3#Q0P)
3-year, 4-hour onsite, 24x7 coverage for hardware, 24x7 SW phone support and SW updates (HA110A3#Q0P)
3-year, 24x7 SW phone support, software updates (HA107A3#Q0P)
3 Yr 6 hr Call-to-Repair Onsite (HA105A3#Q0P)
1 year Next Business Day Onsite Hardware Support (HA101A1#Q0P)
3-year, 4-hour onsite, 13x5 coverage for HW, 13x5 SW phone support and SW updates (HA109A3#Q0P)
3-year Next Business Day Onsite Hardware Support (HA101A3#Q0P)
1-year, 4-hour onsite, 13x5 coverage for hardware (HA103A1#Q0P)
1-year, 4-hour onsite, 24x7 coverage for hardware (HA104A1#Q0P)
1-year, 6 hour Call-To-Repair Onsite for hardware (HA105A1#Q0P)
1-year, 24x7 software phone support, software updates (HA107A1#Q0P)
1-year, 4-hour onsite, 13x5 coverage for HW, 13x5 SW phone support and SW updates (HA109A1#Q0P)
1-year, 4-hour onsite, 24x7 coverage for hardware, 24x7 software phone support and software updates (HA110A1#Q0P)

HP Networking Services

Services that add value to your business

The warranties on HP Networking products provide a robust foundation for ongoing network support, but many customers have advanced support needs. Today's enterprise businesses, regardless of their size, are under increasing pressure to reduce the cost and complexity of supporting their network infrastructures. Demand for new services from businesses and their end users is constantly increasing. HP offers an affordable, comprehensive portfolio of networking services for organizations of all sizes. HP has a unique services advantage you can benefit from, and HP is the only vendor in the IT industry that can provide integrated and consistent support for your entire technology infrastructure worldwide, including networking, servers and storage, and imaging and printing, as well as desktop and mobile computing, to help you grow your business with expert support that is affordable, personal, and scaled to your needs. HP Networking's implementation and design centers simplify your network planning, while HP Technology and Enterprise Services deliver choice and flexibility.

HP provides a full range of custom services to meet the end-to-end networking needs of our customers. HP Network Lifecycle Services form the core foundation of network consulting, assessments, planning, design, integration, deployment, and management. They are available as standalone services or can be crafted to deliver solutions across the services portfolio, spanning network performance, network security and risk management, global deployment, data center networking, wireless LAN/mobility, and Unified Communications and Collaboration.

	HP Enterprise Secure Key Manager (AJ575A)
Included accessories
	1 HP ESKM Additional Client License (BB741AA)
Ports
	2 RJ-45 autosensing 10/100/1000 ports (IEEE 802.3 Type 10BASE-T, IEEE 802.3u Type 100BASE-TX, IEEE 802.3ab Type 1000BASE-T); Duplex: 10BASE-T/100BASE-TX: half or full; 1000BASE-T: full only
	1 RS-232C serial console port
Physical characteristics
Dimensions	29.4(d) x 19.2(w) x 1.7(h) in. (74.68 x 48.77 x 4.32 cm) (1U height)
Full configuration weight	36 lb. (16.33 kg)
Memory and processor
Processor	4-core Intel® Xeon® Processor E5640 @ 2660 MHz, 4 GB DDR3 DIMM; storage: 12 MB L3 cache included
Mounting
	1U rack mount, dual locking front bezel, and rack-mounting rails included.
Environment
Operating temperature	50°F to 95°F (10°C to 35°C); at sea level; an altitude derating of 1.0°C per every 305 m (1.8°F per every 1000 ft) above sea level
Operating relative humidity	10% to 90% @ 82.4°F (28°C), noncondensing
Nonoperating/Storage temperature	-40°F to 150.1°F (-40°C to 65.6°C); maximum rate of change is 20° C/hr (36°F/hr).
Nonoperating/Storage relative humidity	5% to 95% @ 101.7°F (38.7°C), noncondensing
Altitude	up to 10,000 ft. (3 km)
Electrical characteristics
Maximum heat dissipation	290 BTU/hr (305.95 kJ/hr)
Voltage	100-240 VAC
Idle power	85 W
Maximum power rating	135 W
Frequency	50/60 Hz
Notes	Idle power is the actual power consumption of the device with no ports connected.; Maximum power rating and maximum heat dissipation are the worst-case theoretical maximum numbers provided for planning the infrastructure with fully loaded PoE (if equipped), 100% traffic, all ports plugged in, and all modules populated.; Each HP ESKM node ships with dual redundant power supplies and two IEC-IEC power cords intended for rack mounting with dual power distribution units (PDUs) and/or uninterruptible power supplies (UPS) for highest availability. HP ESKM nodes may also be powered using two optional regional power cords connecting to receptacles on separate branch circuits for highest availability. Select from list below.
Emissions
	FCC Class A; CISPR 22; EN 55022; EN 55024; CNS 13438; FCC CFR 47 Part 15; ICES-003; EN 61000-3-2; EN 61000-3-3; EN 60950-1; IEC 60950-1
Management
	Web-based management interface (GUI), command-line interface (CLI), SNMP v1/2/3 (traps only)
Features
	Centralized, secure, scalable encryption key management services : – Establish, automate, and enforce data protection and compliance policies – Secure key generation, retrieval, and access auditing for enrolled clients – Keys are encrypted at all times: in the database, in transit to clients, and in backup files – No fixed limit (100s) on enrolling key-using client devices or applications – Capacity of 2 million keys, with 8 HP ESKM nodes per distributed cluster Strong auditable security for data-at-rest encryption keys : – Security hardened Linux-based server appliance; all keys and backups are encrypted at rest and in motion – Granular control of key access to key owners or defined key-sharing groups – Certificate-based authentication, secure administration and audit logging – ESKM is fully validated to FIPS 140-2 Level 2, NIST CMVP Certificate #1516 – Locking front bezel, pick-resistant locks for security officer dual control Reliable near continuous access to business-critical keys for their lifetime : – Mirrored internal storage, redundant networks, and power and cooling – Multisite high-availability clustering and secure transparent key replication – Comprehensive monitoring, recovery, backup, and restore functionality All software and hardware is included and preinstalled in a secure facility : – Operating system, database, Web administration, clustering, key services, logging/auditing, online help, and local certificate authority – One client license is included per ESKM node; additional licenses are optional and easy to install – Compact 1U server appliance, dual locking front security bezel, processor, memory, RAID 1 storage controller, mirrored disks, dual networks, redundant power supplies and cooling – Accessories included: 2 sets of keys, power cords, null modem serial cable, rack-mounting hardware, and documentation CD
Notes
	Each HP Enterprise Secure Key Manager node ships with redundant power supplies and IEC-IEC power cords suited for rack mounting with dual power distribution units (PDUs) or uninterruptible power supplies (UPS) for highest availability. An ESKM node may also be powered using two optional power cords connected to receptacles on separate branch circuits. HP recommends two such regional power cords be ordered for each ESKM node. Optional power cords (for connection to standard wall outlets) AF556A (1.83 m), 10 A, 110 V, C13 to NEMA 5-15; N. America AF568A (1.83 m), 10 A, 250 V, C13 to CEE7-VII; Europe AF570 (1.83 m), 10 A, 250 V, C13 to BS-1363-A; UK/Hong Kong/Singapore AF566A (1.83 m), 10 A, 250 V, C13 to DK 2.5A; Danish AF565A (1.83 m), 10 A, 250 V, C13 to SEV 1011; Swiss AF571A (1.83 m), 10 A, 250 V, C13 to CE123-50; Italy/Chile AF557A (1.83 m), 10 A, 250 V, C13 to GB1002; China AF591A (1.83 m), 10 A, 250 V, C13 to NRB 14136; Brazil AF560A (1.83 m), 10 A, 250 V, C13 to KSC 8305; Korea AF564A (1.83 m), 10 A, 250 V, C13 to SI-32; Israel AF561A (1.83 m), 13 A, 110 V, C13 to CNS 690; Taiwan AF562A (2.0 m), 6 A, 250 V, C13 to IS 1293; India AF572A (2.0 m), 12 A, 110 V, C13 to JIS C8303; Japan AF558A (2.5 m), 10 A, 250 V, C13 to IRAM 2073; Argentina AF569A (2.5 m), 10 A, 250 V, C13 to AS3112-3; Australia, New Zealand AF567A (2.5 m ), 10 A, 250 V, C13 to SABS 164; South Africa

Data Sheets

HP Enterprise Secure Key Manager

Case sudies

HP Enterprise Secure Key Manager Technical Whitepaper

Encryption technology for HP StorageWorks LTO Ultrium Tape Drives (LTO-4 and LTO-5)

HP Enterprise Secure Key Manager

Management

Resiliency and high availability

Security

Integration

Policy management

Ease of use

Scalability

HP Care Packs for HP Networking

HP Networking Services

Data Sheets

Case sudies

Free Consultation

Unbeatable Prices

Pro Services

24x7 Tech Support