Enterprise Key Management (ESKM)

Unprecedented Capacity

Benefit from the enormous capacity to manage more than 2 million keys, over 25,000 clients and thousands of ESKM hardware or virtual appliances.

Out-of-the box Software

Use ESKM right out of the box thanks to the pre-installed software which is digitally signed and verified for an immediate start.

Fitting FIPS Certification Level

Choose the right level of FIPS certification for your business from our four options.

Key Control and Management through a single pane of glass

• Control and Manage all keys for auditing controls with digitally signed logs and key lifecycle activities
• Reduce audit costs and accelerate visibility

Hardware-based Security on highest level

• Locking front bezel and dual pick-resistant locks for security officer dual control
• Security hardened Linux-based server appliance; designed as a FIPS 140-2 Levels 1, Level 2, Level 3 and Level 4 cryptographic module
• Supports mirrored internal storage, dual networks, dual power, and redundant cooling
• Terminal interface (serial RS-232C) and VGA for initial installation setup

Single and centralized root of trust

• Store the keys used for cryptographic functions by using the foundation on which all secure operations including key retrieval of vESKM depend
• Enables an inherently trusted ecosystem

Convenient Administration

• Configuration and automated keys replication through active-active cluster
• Automatic key replication
• Hands-off administration
• Automated backups and audit logging

Integrates with largest HPE ecosystem and third-party applications

• ESKM KMIP Integrations (BDT, Bloombase, Brocade, Cryptosoft, ETI-
  Net, Fornetix, Hitachi Vantara, IBM DB2, MongoDB, NetApp, OpenStack community, Project 6 Research, Quantum, Spectra Logic, Suse, Vmware, ZettaSet)
• HPE Security and Storage Solutions (Helion (OpenStack Barbican + HPSE), MF Autonomy (Connected MX Backup/Recovery), Nimble, NonStop, Secure Encryption (Proliant/smart array controller), SimplyVity/Hyper Converged, StoreEver, StoreEver Tape Library, StoreOnce, StoreServe 3PAR, XP, XP Storage)

Streamlining Data and Processes

• Unified enterprise key management
• Reliable policy controls
• Centralized administration and audit trails to assist in control attestation

Included Software for easy use

• Comprehensive monitoring, recovery, scheduled backups, and log rotations, restore functionality
• Web browser GUI and Command Line Interface supported
• Supports (among others): AES, 3-Key Triple DES, HMAC, RSA, and ECDSA key types
• SNMP alerts and SIEM log monitoring
• TLS and SSH for secure administrator remote access

Portfolio Support

• Further protection of keys at rest by integration of the Utimaco CryptoServer LAN HSM
• Full integration of vESKM (virtual appliance with FIPS 140-2 Level 1) or ESKM L2 (hardware appliance with FIPS 140-2 level 2) with the UTIMACO GP Hardware Security Module: CryptoServer LAN V5
• Integration of ESKM L3 and L4 with embedded CryptoServer PCIe card

Most Interoperable

• Support for partner applications and pre-qualified solutions through the first industry-certified Key Management Interoperability Protocol (KMIP)
• OASIS KMIP allows communication with clients for key management operations on cryptographic material, including symmetric and asymmetric keys, certificates, and templates
• Streamline security policies with a single approach for consistent controls and compliance audits through moving to KMIP
• Save money and time by using a single system to learn, control, maintain and audit, as well the ability to integrate new applications without having to reinvest in management
• Avoid vendor lock-in and outdated technology
• Enforces best practices with universal, automated key lifecycle controls

Easy Deployment and Simple Licensing

• Install, configure and simply drop in ESKM as hardware or virtual appliance.
• Access transparent client licensing, without hidden costs attached to volume of keys or scalability

Fulfills various compliance requirements

• Designed for NIST SP 800-131A and FIPS 140-2 Levels 1, Level 2, Level 3 and Level 4 requirements
• Certificate-based mutual client-server authentication, secure administration, and audit logging
• Common Criteria Evaluation Assurance Level (EAL 2+) certified
• Conforms with KMIP 1.0 through 2.1 specifications
• Performs automatic key replication, client load balancing, and fail-over
• Embedded Local Certificate Authority as an option to protect keys in transit

Robust Scalability and High Availability

• Separating clusters geographically across datacenters
• Supporting ten thousands of clients, thousands of virtual or hardware appliances and millions of keys
• Highly redundant hardware and failover

Custom Integrations and Scaled Deployments

• Use ESKM as a trusted key manager to safeguard the mission critical application keys to support custom use cases with open client libraries like OpenKMIP and PyKMIP
• Implements auto-registration with its native XML based KMS protocol
• Supporting the widest client integrations in the industry

Lower your costs and scale key management with Virtual Enterprise Secure Key Manager (vESKM)

• Quickly deploy the virtual appliance
• For high availability
• Easy expanding within your existing environment
• Centralizes cryptographic processing, security policies and key management in a FIPS 140-2 Level 1 compliant platform
• Adopt a virtual key management strategy easily