Steps for Integration

Utimaco ESKM integrates with HPE ProLiant Server to manage the encryption using a high-assurance, scalable key manager in a security-hardened appliance.

We must create “temporary credentials” on the ESKM for the iLO to authenticate and execute the enrollment steps:

1. Log in to the ESKM Management Console using the admin username and the password.

2. Go to Security > Users & Groups > Local Users.

3. Click on ADD.

4. Create a local user with the username “ilo_reg_user”.

a. Enable “User Administration Permission” to allow this user to create other client users.

b. Enable “Change Password Permission” to allow this user to change client user passwords.

c. Uncheck “Enable KMIP” and leave this field blank.

5. Go to Security > Users & Groups > Local Groups.

6. Click on ADD.

7. Create a user group which lists all servers under the “Group” that serves the same applications or functions.

a. Group: “FinanceGroup”, for the servers used by Finance applications, for example.

b. Group Type: ESKM.

8. Click on Save.

9. Go to Security > Keys & KMIP Objects > Create Keys.

10. Create a Key that will be used as a “master key” to encrypt “drive keys”.

a. Key Name: “FinanceMasterKey”, for example, or some preferred name.

b. Owner Username: ilo_reg_user.

c. Key Type: ESKM.

d. Algorithm: AES-256.

e. Exportable: Enable.

11. Click on Create.

12. Assign the master key to the group that was previously created.

13. Run a Key Query in the ESKM.

14. Find the key that you created in step 10.

15. Click on the key to view its properties.

16. Under “Group Permissions”, add the group to which this key is going to be a part of.

a. Export: select “Always”.

b. Full: select “Always”.

17. Click on Save.