I've taken over a project that involves configuring HPE Proliant DL360 Gen 11 servers, and I've hit a bit of a snag. Out of several servers, only one is the Gen 10 model, which comes with the Smart Array option for setting up RAID and encryption. The Gen 11 models don't have this feature. While I can configure RAID for the Gen 11 servers, I can't find any options to encrypt without the Smart Array. I was informed that the previous team selected the default configurations, which matter because our organization requires encryption before we can use these servers. Since it's been a while since I last configured a server, I'm wondering if there's a way to encrypt the Gen 11s without installing Smart Arrays or if I need to order and install them. Any advice?
3 Answers
It really depends on your organization’s policies. If they enforce hardware-level encryption strictly, you might have to get those Smart Array cards. But if your OS supports software encryption, that could work too, especially for virtualization setups. Just run the OS on non-encrypted drives if that's acceptable.
Why not just encrypt at the OS level with something like LUKS if your organization allows it? It might be a workaround for you.
In that case, buying Smart Array cards might be your best bet to meet your org’s requirements properly. It would save you future headaches!
I’d love to do that, but our guidelines specify encryption at the server level. I need to check with the Cybersecurity team to see if OS-level encryption is acceptable.