Encryption enablement

The system supports two methods of configuring encryption. You can use a centralized key server that simplifies creating and managing encryption keys on the system. This method of encryption key management is preferred for security and simplification of key management. In addition, the system also supports storing encryption keys on USB flash drives. USB flash drive-based encryption requires physical access to the systems and is effective in environments with a minimal number of systems. For organizations that require strict security policies regarding USB flash drives, the system supports disabling these ports to prevent unauthorized transfer of system data to portable media devices. If you have such security requirements, use key servers to manage encryption keys.

You can also have a simultaneous configuration of both key servers and USB flash drives to ensure redundancy of access to encrypted data if either method becomes unavailable, or if the keys are permanently lost for one of the methods.

Notes:
  • To protect against permanent key loss for one of the methods, a simultaneous configuration must be planned. It is not permitted to enable another key method when the keys for an existing method have already been lost.
  • To enable and configure encryption on the system, a user must have one of the following user roles: SecurityAdmin, Administrator, or RestrictedAdmin.

The following list of encryption key server and USB flash drive characteristics might help you to choose the type of encryption enablement that you want to use.

Key servers can have the following characteristics:
  • Physical access to the system is not required to process a rekeying operation.
  • Support for businesses that have security requirements not to use USB ports.
  • Strong key generation.
  • Key self-replication and automatic backups.
  • Implementations follow an open standard that aids in interoperability.
  • Audit detail.
  • Ability to administer access to data separately from storage devices.
USB flash drives have the following characteristics:
  • Physical access to the system is required to process a rekeying operation.
  • No mechanical components to maintain with almost no read operations or write operations to the USB flash drive.
  • Inexpensive to maintain and use.
  • Convenient and easy to have multiple identical USB flash drives available as backups.