
9 OpenManage Secure Enterprise Key Manager- Best Practices Guide | Document ID
3 Dell PowerEdge D@RE Offerings
Keys to lock and unlock drives must be managed. PowerEdge provides two optional mechanisms for this:
- LKM – managed by the PERC
- Secure Enterprise Key Manager – Subject of this paper, managed by iDRAC
3.1 How to Choose Between LKM and Secure Enterprise Key Manager
The decision to use LKM or Secure Enterprise Key Manager can be based on the following criteria:
Budget
- LKM is a standard feature of PERC. Therefore, there is no additional licensing or hardware
required.
- Secure Enterprise Key Manager requires additional licensing and also an external key store
server (with associated licensing).
Threat Vectors
- One of the primary Threat Vectors addressed by Secure Enterprise Key Manager is server theft
(see While LKM protects data, if a drive or entire server is removed the data would still be
accessible. This is because the key is stored on the LKM PERC).
- With Secure Enterprise Key Manager, server possession does not allow access to data.
Day-to-day administration
- LKM - Customers must maintain PERC passwords in the event of PERC failure and
replacement.
- Secure Enterprise Key Manager - Keys are stored in a central repository (KMIP server) that could
be at a different physical location than the nodes which contain the drives. All that is required
is monitoring the health of the KMIP server.
Secure Enterprise Key Manager Integration across several Dell Solutions
- Secure Enterprise Key Manager has the ability to integrate PowerEdge with a Key Management
Server that is also managing keys for other Dell EMC products:
  - Avamar Backup and Recovery
  - Data Domain
  - Disk Library for Mainframe (DLm)
  - Elastic Cloud Storage (ECS)
  - ML3 Tape Library
  - SC Series Storage (formerly Compellent)
  - Unity Storage
  - VMAX Storage (formerly Symmetrix)
  - VxRail VMware Hyper-Converged Appliance
  - XC Series Hyper-Converged Appliance