ESKM

Enterprise Secure Key Manager (ESKM)

The most interoperable and integrated Key Manager

  • Able to secure more than 2 million keys for at least 25,000 customers and thousands of ESKM nodes
  • Software included
  • Aligned with the different security approvals: FIPS 140-2 Level 1, 2, 3 and 4 (physical) and Common Criteria.

Key Benefits

Record Capacity

Ability to manage more than 2 million keys, more than 25,000 customers and thousands of virtual devices or ESKM hardware.

Ready-to-use Software

Use ESKM right out of the box thanks to the pre-installed software and its instantly verified digital signature for immediate use.

FIPS Certification Level Options

Choose the appropriate level of FIPS certification for the business from four options.

Details

    • Secure Keys for Data at Rest, in Use and in Motion, with Full FIPS Certification

    Organizations must protect both their own data and that of their customers. ESKM provides a robust safeguard against cyber-attacks, misuse, fraudulent use and data breaches that can both jeopardize an organization’s reputation and brand and destabilize the business.

    Encryption is easy, and while key management can be difficult, it is certainly not impossible. ESKM secures keys and provides centralized management of these keys, saving time and money.

    ESKM is the first industry-certified Key Management Interoperability Protocol (KMIP) v2.1 offering with market-leading support for partner applications and pre-qualified solutions, integrating varied out-of-the-box implementations as well as custom integrations.

    • Key control and management through a single panel
    • Controls and manages all keys, with digitally signed logs and key lifecycle activities available for audit controls
    • Reduces audit costs and accelerates visibility

    Data and Process Streamlining

    • Unified enterprise key management
    • Reliable policy control
    • Centralized administration and audit trails to help in control certification

    Easy Implementation and Simple Licensing

    • Install, configure and run ESKM as hardware or as a virtual application.
    • Access transparent client licenses, with no surprise costs associated with key volume or scalability

    Hardware-based security at the highest level

    • Lockable front bezel and pick-resistant dual locks provide security managers with dual control.
    • Security hardened Linux-based server appliance; designed as a cryptographic module for FIPS 140-2 Level 1, Level 2, Level 3 and Level 4 use cases.
    • Supports duplicate internal storage, dual networks, dual power, and redundant cooling
    • Provides a serial terminal interface (RS-232C) and VGA for initial installation

    Software included for easy use

    • Allows comprehensive monitoring, recovery, scheduled backups and log rotations, restore functionality
    • Compatible with Web Browser GUI and Command Line Interface
    • Supports (among others): AES, 3-Key Triple DES, HMAC, RSA and ECDSA key types
    • Provides SNMP alerts and SIEM log monitoring
    • Provides TLS and SSH for administrator secure remote access

    Complies with several compliance requirements

    • Designed for NIST SP 800-131A and FIPS 140-2 Level 1, Level 2, Level 3 and Level 4 requirements
    • Certificate-based mutual client-server authentication, secure administration and audit logging
    • Common Criteria Evaluation Assurance Level (EAL 2+) certified
    • Complies with KMIP 1.0 to 2.1 specifications
    • Performs automatic key replication, client load balancing and failover
    • Integrated Local Certification Authority (PKI) as an option to protect keys in transit

    Single and centralized root of trust

    • Stores keys used for cryptographic functions using the foundation on which all secure operations depend (including vESKM key recovery)
    • Enables an inherently trusted ecosystem

    Portfolio Support

    • Additional key protection at rest through integration of Utimaco LAN HSM cryptographic server
    • Full integration of vESKM (virtual appliance for FIPS 140-2 Level 1 use cases) with UTIMACO GP hardware security module: CryptoServer LAN V5
    • ESKM L3 and L4 (physical) integration with integrated cryptoserver PCIe card

    Robust Scalability and High Availability

    • Geographically separates clusters between data centers
    • Thousands of customers, thousands of virtual or hardware devices and millions of keys supported
    • Highly redundant hardware and failover

    Appropriate Administration

    • Automatic key configuration and replication via active-active clustering
    • Enables direct administration
    • Performs automated backups and audit trails

    More Interoperable

    • Support for partner applications and pre-qualified solutions through the first industry-certified Key Management Interoperability Protocol (KMIP)
    • OASIS KMIP allows communication with clients for key management operations on cryptographic material, including symmetric and asymmetric keys, certificates and templates
    • Streamlines security policies with a single approach to achieve consistent controls and compliance audits by moving to KMIP
    • A single system for learning, monitoring, maintaining and auditing, as well as the ability to integrate new applications without having to reinvest in management
    • Avoids vendor lock-in and obsolete technology
    • Applies best practices with universal and automated key lifecycle controls

    Custom Integrations and Scaled Implementations

    • Simplified RESTful API interface for CRUD (Create, Read, Update, Delete) key and cryptographic operations
    • Supports open client libraries such as KMIP, OpenKMIP and PyKMIP
    • Implements automatic registration with its native XML-based KMS protocol
    • Supports the industry’s broadest customer integrations

    Integrates with HPE’s largest ecosystem and third-party applications

    • ESKM KMIP Integrations (BDT, Bloombase, Brocade, Cryptosoft, ETI-Net, Fornetix, Hitachi Vantara, IBM DB2, MongoDB, NetApp, OpenStack community, Project 6 Research, Quantum, Spectra Logic, SUSE, VMware, ZettaSet)
    • HPE Storage and Security Solutions (Helion (OpenStack Barbican + HPSE), MF Autonomy (Connected MX Backup/Recovery), agile, nonstop and secure encryption (ProLiant controller/Smart Array), SimpliVity/Hyperconverged, StoreEver, StoreEver Tape Library, StoreOnce, StoreServ 3PAR, XP, XP Storage)

    Reduce your costs and extend key management with Virtual Enterprise Secure Key Manager (vESKM)

    • A virtual appliance that is easily deployed
    • High availability
    • Easy expansion within an existing environment
    • Centralizes cryptographic processing, security policies and key management on a FIPS 140-2 Level 1 compliant platform
    • Easily deploy a virtual key management strategy