White Papers

Best Practices for Secure Enterprise Key Manager Implementation

15 OpenManage Secure Enterprise Key Manager- Best Practices Guide | Document ID

Key rotation is initiated by iDRAC. Scripting can be also used to schedule the rotation.

5.2.3 Secure Enterprise Key Manager to iDRAC Authentication

iDRAC and Gemalto/SafeNet AT KeySecure. Secure Enterprise Key Manager servers support varying levels

of authentication for communication.

 None

 User ID

 PW

 Certificates

 IP

The more authentication that is utilized, the more trustworthy the communication and resistance to spoofing.

5.2.4 Cryptographic Erase

Cryptographic Erase is a NIST approved technique to sanitize media. By using capabilities of the Key

Management Server to erase the lock/unlock key for a drive, the encrypted data on the drive is

unrecoverable, effectively sanitizing the data. Cryptographic Erase can be used for normal reprovisioning of

drives, active data sanitization in hostile situations, or in response to a stolen drive or server.