QuickSpecs
HPE Smart Array SR Secure Encryption QuickSpecs
Table of Contents
Do you need a secure encryption for drives on your HPE Gen9 and Newer servers without a lot of cost or complexity?
HPE Smart Array SR Secure Encryption is a controller-based data-at-rest encryption solution for any SAS/SATA drive (with the exception of tape drives) connected to the HPE Smart Array Controller or HPE Smart Host Bus Adapter (see compatibility below). HPE Smart Array SR Secure Encryption is a FIPS 140-2 Level 1 enterprise-class encryption solution that complies with regulations for sensitive data, such as HIPPA and Sarbanes-Oxley.
Overview
HPE Smart Array SR Secure Encryption is available for HPE ProLiant Gen8, Gen9, and Gen10 servers and for HPE Synergy Gen9 and Gen10 compute modules. Encryption is only supported on RAID volumes when using a controller that supports encryption. Secure Encryption is available for both local and remote key management methodologies. The remote key management mode requires Integrated Lights Out (iLO) Advanced or Scale Out editions v1.40 or later and supported remote secure key manager.
What’s New!
- − See iLO QuickSpecs for new supported remote secure key managers.
- − Additional controllers have completed FIPS 140-2 validation. See below for details.
Models | |
| HPE Smart Array SR Secure Encryption (Data at Rest Encryption/per Server Entitlement) E-LTU | Q2F26AAE |
| HPE Smart Array SR Secure Encryption Notes: HPE Smart Array SR Secure Encryption licensing is based on the number of servers requiring encryption enablement. Remote Key Management Mode requires a license for Integrated Lights Out Advanced or Scale Out editions (see QuickSpecs for more information), and requires supported remote secure key manager (typically sold in a clustered pair), and a client license per HPE ProLiant server connected to the remote secure key manager. See supported remote secure key manager options in this document. HPE Special Reminder:Before enabling encryption on the Smart Array controller module on this system, you must ensure that your intended use of the encryption complies with relevant local laws, regulations and policies, and approvals or licenses must be obtained if applicable. For any compliance issues arising from your operation/usage of encryption within the Smart Array controller module which violates the above-mentioned requirement, you shall bear all the liabilities wholly and solely. HPE will not be responsible for any related liabilities. Notes: Mixing SR and MR controllers within the same system is neither supported nor recommended. However, an exception exists for the HPE Smart Array E208e-p SR Gen10 Controller, which is supported when installed with MR Gen10+, Gen11 controllers in Gen10, Gen10+, Gen11, and Gen12 servers. Notes: ForSmart Array Controllers on Gen11 and beyond, remote Controller Based Encryption and One Button Secure Erase (OBSE) are not supported | |
Key Features
- – Encryption supported on logical volumes only
- – Automatic key management
- – Broad encryption coverage
- • Encrypts SAS/SATA drive and controller cache memory
- – Compliance with regulations such as HIPAA and Sarbanes-Oxley
- – FIPS 140-2 Level 1validated (see list of validated controllers below)
- – High Availability and Scalability
- • Local Key Management Mode
- • Remote Key Management Mode
- – Instant volume erase
- – Security reset function
- – Simplified Deployment and Management
Easy management using via HPE Smart Storage Administrator
Compatibility | |
| Supported Controllers | |
| HPE Smart Array Performance RAID P-class Controllers | |
| HPE Smart Array P816i-a SR Gen10 (16 Int Lanes/4GB Cache/SmartCache) 12G SAS Modular LH Controller | 869083-B21 |
| HPE Smart Array P816i-a SR Gen10 (16 Internal Lanes/4GB Cache/SmartCache) 12G SAS Modular Controller | 804338-B21 |
| HPE Smart Array P408i-p SR Gen10 (8 Internal Lanes/2GB Cache) 12G SAS PCIe Plug-in Controller | 830824-B21 |
| HPE Smart Array P408i-a SR Gen10 (8 Internal Lanes/2GB Cache) 12G SAS Modular LH Controller | 869081-B21 |
| HPE Smart Array P408i-a SR Gen10 (8 Internal Lanes/2GB Cache) 12G SAS Modular Controller | 804331-B21 |
| HPE Smart Array P408e-p SR Gen10 (8 External Lanes/4GB Cache) 12G SAS PCIe Plug-in Controller | 804405-B21 |
| HPE Smart Host Bus Adapters and Smart Array Essential RAID E-class Controllers | |
| HPE Smart Array E208i-p SR Gen10 (8 Internal Lanes/No Cache) 12G SAS PCIe Plug-in Controller | 804394-B21 |
| HPE Smart Array E208i-a SR Gen10 (8 Internal Lanes/No Cache) 12G SAS Modular LH Controller | 869079-B21 |
| HPE Smart Array E208i-a SR Gen10 (8 Internal Lanes/No Cache) 12G SAS Modular Controller | 804326-B21 |
| HPE Smart Array E208e-p SR Gen10 (8 External Lanes/No Cache) 12G SAS PCIe Plug-in Controller | 804398-B21 |
| HPE Smart Host Bus Adapters and Smart Array SR Controllers | |
| Microchip SmartRAID SR932i-p x32 Lanes 8GB Wide Cache NVMe/SAS 24G Controller for HPE Gen10 Plus | P04220-B21 |
| HPE SR932i-p Gen11 x32 Lanes 8GB Wide Cache PCI SPDM Plug-in Storage Controller | P47184-B21 |
Standard Features
Automatic Key Management
Encryption keys are automatically created, saved and deleted by the controller without user intervention or knowledge when logical drives are created or deleted.
Controller Key Cache (Remote Mode)
HPE Smart Array Performance RAID Controllers (e.g., P408i-a, P816i-a) can optionally store all keys local to the controller required at boot time enabling the server to survive a variety of network outages.
Controller Password
Protects the server in the event of theft by applying a secondary password upon boot to prevent unauthorized data access.
Dynamic Encryption
Dynamic encryption allows for a variety of non-disruptive features
- − Transition between local and remote modes seamlessly
- − Conversion of non-encrypted logical drives into encrypted logical drives
- − Rekey services for both data and key wraps
Encryption Keys
Data is protected using a series of keys that provide layered protection at the volume and drive levels. The solution utilizes AES 256-bit encryption keys. A primary key stored either at the controller level or on the remote secure key manager, is required to "unwrap" each successive layer.
FIPS Validation
HPE Smart Array SR Secure Encryption has been designed to meet National Institute of Standards and Technology (NIST) approved standards. See below for controllers that have completed FIPS 140-2 validation.
FIPS 140-2 Level 1 – Validation Complete (Link)
- − HPE Smart Array P816i-a Controller
- − HPE Smart Array P416ie-m Controller
- − HPE Smart Array P408i-p Controller
- − HPE Smart Array P408i-a Controller
- − HPE Smart Array P408e-p Controller
- − HPE Smart Array P408e-m Controller
- − HPE Smart Array P204i-c Controller
- − HPE Smart Array P204i-b Controller
FIPS 140-2 Level 1 - Validation Complete (Link)
- − HPE Smart Array P840 Controller
- − HPE Smart Array P542D Controller
- − HPE Smart Array P440ar Controller
- − HPE Smart Array P440 Controller
- − HPE Smart Array P240nr Controller
- − HPE H240nr Smart HBA
FIPS 140-2 Level 1 – Validation Complete (Link)
The validation certificate for these controllers has been moved to the Historical List. HPE is actively engaged in activities to return these controllers to the Validated Modules List.
- − HPE Smart Array P741m Controller
- − HPE Smart Array P440 Controller
- − HPE Smart Array P441 Controller
- − HPE Smart Array P246br Controller
- − HPE Smart Array P244br Controller
FIPS 140-2 Level 2 – Validation Complete (Link)
The validation for these controllers has been moved to the Historical List. HPE is actively engaged in activities to return these controllers to the Validated Modules List.
- − HPE Smart Array P830i Controller
- − HPE Smart Array P830 Controller
- − HPE Smart Array P731m Controller
- − HPE Smart Array P431 Controller
- − HPE Smart Array P430 Controller
- − HPE Smart Array 230i Controller
Firmware Lock
Prevents controller firmware from being modified unintentionally or by unauthorized personnel.
Supported Remote Secure Key Managers (Remote Mode Only)
See the iLO QuickSpecs document for details on supported remote secure key managers.
HPE Smart Storage Administrator
HPE Smart Storage Administrator (HPE SSA) v1.60.xx.0 and later provides the configuration and management of the cryptographic features of HPE Smart Array SR Secure Encryption associated with the controller.
Integrated Lights Out
HPE iLO Management is a comprehensive set of embedded management features supporting the complete lifecycle of the server, from initial deployment, through ongoing management, to service alerting and remote support. HPE iLO Management comes standard on all HPE ProLiant Gen8, Gen9, and Gen10 servers.
HPE iLO Advanced or Scale Out editions v 1.40 or later connect and auto register with the supported remote secure key manager. HPE iLO provides key exchange support between the controllers and the remote secure key manager to enable pre-boot support for OS disk encryption. Audit support is provided for all key management transactions.
Notes: For more information on iLO, visit: http://www.hpe.com/info/ilo
Instant Volume Erase
Ability to instantly cryptographically erase volumes.
Key Management Modes
Local Key Management Mode provides a simple key management solution, using just HPE SSA. Local Mode is focused on single server deployments where there is one Primary Key per controller that is managed by the user. All volumes still have their own unique key(s) for data encryption.
WARNING: Hewlett Packard Enterprise recommends that you keep a record of the Primary Keys when encryption is configured in Local Mode. The Local Primary Key is never displayed by any available tool or firmware because it is considered a cryptographic secret and should be protected as such. HPE Smart Array SR Secure Encryption design follows NIST architecture requirements and does not allow Hewlett Packard Enterprise to assist in the recovery of the Primary Key.
Remote Key Management Mode allows for the central management and secure key storage for all HPE Smart Array SR Secure Encryption keys. The remote secure key manager scales to support over 25,000 attached devices and millions of encryption keys. Remote Key Management Mode requires Integrated Lights Out (iLO) Advanced or Scale Out editions v1.40 or later and supported remote secure key manager.
Notes: Mixing SR and MR controllers within the same system is neither supported nor recommended. However, an exception exists for the HPE Smart Array E208e-p SR Gen10 Controller, which is supported when installed with MR Gen10+, Gen11 controllers in Gen10, Gen10+, Gen11, and Gen12 servers.
Notes: For Smart Array Controllers on Gen11 and beyond, remote Controller Based Encryption and One Button Secure Erase (OBSE) are not supported.
Key Rotation
Supports rekeying of all keys utilized by the controller to enable a robust key rotation strategy.
One-way Encryption
The HPE Smart Array SR Secure Encryption design is such that after a data-at-rest volume is encrypted, it cannot be converted back to plaintext. Restoration of data is required to revert back to plaintext.
Pre-deployment Support
Supports the ability to preconfigure all cryptographic security settings while in a server, then store the powered off controller for later use while retaining the security settings.
Security Reset Function
The feature clears all keys and passwords from the controller and places the controller’s encryption configuration in a factory new state.
Two Encryption Roles
HPE Smart Array SR Secure Encryption supports two roles for managing encryption services, a crypto officer role and a user role that has reduced privileges.
Volume Level Encryption
HPE Smart Array SR Secure Encryption provides flexibility in allowing the user to selectively encrypt at the volume level, regardless of RAID level.
Warranty
HPE Smart Array SR Secure Encryption has a 90-day media replacement from date of customer purchase. Services and support, beyond the 90-day warranty, is covered through the supported HPE Smart Array controllers.
HPE Smart Array Secure Encryption Supporting Document
For additional information, see the HPE Smart Array SR Secure Encryption Installation and User Guide.
Service and Support
HPE Services
No matter where you are in your digital transformation journey, you can count on HPE Services to deliver the expertise you need when, where and how you need it. From planning to deployment, ongoing operations and beyond, our experts can help you realize your digital ambitions.
Consulting Services
No matter where you are in your journey to hybrid cloud, experts can help you map out your next steps. From determining what workloads should live where, to handling governance and compliance, to managing costs, our experts can help you optimize your operations.
https://www.hpe.com/services/consulting
HPE Managed Services
HPE runs your IT operations, providing services that monitor, operate, and optimize your infrastructure and applications, delivered consistently and globally to give you unified control and let you focus on innovation.
Operational Services
Optimize your entire IT environment and drive innovation. Manage day-to-day IT operational tasks while freeing up valuable time and resources. Meet service-level targets and business objectives with features designed to drive better business outcomes.
https://www.hpe.com/services/operational
HPE Complete Care Service
HPE Complete Care Service is a modular, edge-to-cloud IT environment service designed to help optimize your entire IT environment and achieve agreed upon IT outcomes and business goals through a personalized experience. All delivered by an assigned team of HPE Services experts. HPE Complete Care Service provides:
- − A complete coverage approach – edge to cloud
- − An assigned HPE team
- − Modular and fully personalized engagement
- − Enhanced Incident Management experience with priority access
- − Digitally enabled and AI driven customer experience
HPE Tech Care Service
HPE Tech Care Service is the operational support service experience for HPE products. The service goes beyond traditional support by providing access to product specific experts, an AI-driven digital experience, and general technical guidance to not only reduce risk but constantly search for ways to do things better. HPE Tech Care Service delivers a customer-centric, AI driven, and digitally enabled customer experience to move your business forward. HPE Tech Care Service is available in three response levels. Basic, which provides 9x5 business hour availability and a 2-hour response time. Essential, which provides a 15-minute response time 24x7 for most enterprise level customers, and Critical, which includes a 6-hour repair commitment where available and outage management response for severity 1 incidents.
https://www.hpe.com/services/techcare
HPE Lifecycle Services
HPE Lifecycle Services provide a variety of options to help maintain your HPE systems and solutions at all stages of the product lifecycle. A few popular examples include:
- − Lifecycle Install and Startup Services: Various levels for physical installation and power on, remote access setup, installation and startup, and enhanced installation services with the operating system.
- − HPE Firmware Update Analysis Service: Recommendations for firmware revision levels for selected HPE products, taking into account the relevant revision dependencies within your IT environment.
- − HPE Firmware Update Implementation Service: Implementation of firmware updates for selected HPE server, storage, and solution products, taking into account the relevant revision dependencies within your IT environment.
- − Implementation assistance services: Highly trained technical service specialists to assist you with a variety of activities, ranging from design, implementation, and platform deployment to consolidation, migration, project management, and onsite technical forums.
- − HPE Service Credits: Access to prepaid services for flexibility to choose from a variety of specialized service activities, including assessments, performance maintenance reviews, firmware management, professional services, and operational best practices.
Notes: To review the list of Lifecycle Services available for your product go to: https://www.hpe.com/services/lifecycle
For a list of the most frequently purchased services using service credits, see the HPE Service Credits Menu
Other Related Services from HPE Services:
HPE Education Services
Training and certification designed for IT and business professionals across all industries. Broad catalogue of course offerings to expand skills and proficiencies in topics ranging from cloud and cybersecurity to AI and DevOps. Create learning paths to expand proficiency in a specific subject. Schedule training in a way that works best for your business with flexible continuous learning options.
https://www.hpe.com/services/training
Defective Media Retention
An option available with HPE Complete Care Service and HPE Tech Care Service and applies only to Disk or eligible SSD/Flash Drives replaced by HPE due to malfunction.
Consult your HPE Sales Representative or Authorized Channel Partner of choice for any additional questions and services options.
Parts and Materials
HPE will provide HPE-supported replacement parts and materials necessary to maintain the covered hardware product in operating condition, including parts and materials for available and recommended engineering improvements.
Parts and components that have reached their maximum supported lifetime and/or the maximum usage limitations as set forth in the manufacturer's operating manual, product quick-specs, or the technical product data sheet will not be provided, repaired, or replaced as part of these services.
How to Purchase Services
Services are sold by Hewlett Packard Enterprise and Hewlett Packard Enterprise Authorized Service Partners:
- − Services for customers purchasing from HPE or an enterprise reseller are quoted using HPE order configuration tools.
- − Customers purchasing from a commercial reseller can find services at https://ssc.hpe.com/portal/site/ssc/
AI-Powered and Digitally Enabled Support Experience
Achieve faster time to resolution with access to product-specific resources and expertise through a digital and data-driven customer experience
Sign into the HPE Support Center experience, featuring streamlined self-serve case creation and management capabilities with inline knowledge recommendations. You will also find personalized task alerts and powerful troubleshooting support through an intelligent virtual agent with seamless transition when needed to a live support agent.
https://support.hpe.com/hpesc/public/home/signin
Consume IT On Your Terms
HPE GreenLake edge-to-cloud platform brings the cloud experience directly to your apps and data wherever they are—the edge, colocations, or your data center. It delivers cloud services for on-premises IT infrastructure specifically tailored to your most demanding workloads. With a pay-per-use, scalable, point-and-click self-service experience that is managed for you, HPE GreenLake edge-to-cloud platform accelerates digital transformation in a distributed, edge-to-cloud world.
- − Get faster time to market
- − Save on TCO, align costs to business
- − Scale quickly, meet unpredictable demand
- − Simplify IT operations across your data centers and clouds
To learn more about HPE Services, please contact your Hewlett Packard Enterprise sales representative or Hewlett Packard Enterprise Authorized Channel Partner. Contact information for a representative in your area can be found at "Contact HPE" https://www.hpe.com/us/en/contact-hpe.html
For more information
Summary of Changes
| Date | Version History | Action | Description of Change |
|---|---|---|---|
| 16-Feb-2026 | Changed | New branding applied to document. | |
| 25-Aug-2025 | Changed | Standard Features section was updated. | |
| Added | Added note on mixing MR and SR controller support limitations Added SR932i-p Gen11 and Gen10 Plus to SKU list | ||
| Removed | HPE Smart Array Performance RAID P-class Controllers and HPE Smart Host Bus Adapters and Smart Array Essential RAID E-class Controllers OBS SKUs | ||
| 04-Dec-2023 | Changed | Standard Features Section was updated | |
| 11-Sep-2023 | Changed | Standard Features Section was updated | |
| 01-May-2023 | Changed | Service and Support, Standard Features Sections were updated | |
| 15-Nov-2021 | Changed | Service and Support Section was updated | |
| 18-Jan-2021 | Changed | Standard Features Section was updated | |
| 03-Feb-2020 | Changed | Compatibility Section was updated | |
| 13-May-2019 | Changed | Standard Features and Compatibility Sections were updated | |
| 15-Oct-2018 | Changed | Obsolete SKUs were removed | |
| 04-Jun-2018 | Changed | SKU descriptions were updated. | |
| 07-May-2018 | Changed | Overview, Standard Features, Compatibility, and Service and Support sections were updated: Updated Compatibility and FIPS Validation. | |
| Removed | Obsolete SKUs were deleted: 786087-B21, 698531-B21, 698529-B21, and 698530-B21. | ||
| 05-Feb-2018 | Changed | Updated Service and Support | |
| 23-Oct-2017 | Changed | Care Pack naming and Service and Support- Parts and Materials updated. | |
| 25-Sep-2017 | Added | Added compatibility with HPE Smart Array Gen10 Controllers. | |
| Changed | Overview, Standard Features, Service and Support were revised. | ||
| 27-Mar-2017 | Changed | Overview, Standard Features, Additional Features, Related Options, and Technical Specifications sections were updated. | |
| Added | New SKUs added in Overview and Related Options Sections: Q2F26AAE, 759557-B21, 851508-B21 | ||
| Removed | Obsolete SKUs were deleted: C9A82AAE, 815173-B21, 698535-B21, AJ940A, AJ941A, and QQ695A. | ||
| 29-Apr-2016 | Added | HPE Smart Array P240nr, P542D, P840ar SAS Controllers and HPE Smart HBA H240nr in the Related Options section. | |
| 16-Feb-2016 | Version 5 | Changed | Changes made throughout the QuickSpecs. |
| 11-Dec-2015 | Version 4 | Removed | HPE Secure Encryption No Media E-LTU per Drive and HPE Secure Encryption No Media Flexible License per Drive were removed from the QuickSpecs. |
| 08-Jun-2015 | Version 3 | Added | Added HPE Secure Encryption per Server Entitlement. |
| 09-Sep-2014 | Version 2 | Added | HPE Smart Array P244br, P440ar, P440, P441, P840 SAS Controllers were added to Models in the Related Options section. HPE Smart Host Bus Adapters were added to the Related Options section. |
| Changed | Changes made throughout the QuickSpecs. | ||
| 18-Feb-2014 | New | Initial version |
© Copyright 2026 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft and Windows are registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or othercountries.
c04318075, 14623 - Worldwide - V22 - 16-February-2026