Encryption and Key Management in VMware vCloud on AWS

As VMware users turn to vCloud on AWS, they bring their sensitive data with them – customer names, email addresses and other personally identifiable information (PII). While compliance regulations require protecting this information, encrypting this data has been a challenge for organizations who want the flexibility and security of a native VMware encryption key manager. By deploying Alliance Key Manager for VMware as a vCloud instance, customers can achieve their security and efficiency goals in a cloud environment. 

Meet Compliance Requirements

For VMware users who need to meet compliance, the solution has been validated for PCI DSS in VMware by Coalfire, a PCI-qualified QSA assessor and independent IT and audit firm.  Enterprises across all industry verticals, regardless of where they deploy VMware, are subject to PCI DSS compliance if they process electronic payments.  For VMware customers, FIPS 140-2 compliant encryption and key management are a key defense for data security.  Additionally, Alliance Key Manager for VMware can also help businesses meet other compliance regulations such as GDPR, HIPAA, GLBA/FFIEC, FISMA, etc.  

Key Management Interoperability Protocol (KMIP) Support

Meeting the OASIS KMIP standard enables interoperable communication between cryptographic environments and encryption key managers – which reduces the operational, training, and infrastructure costs for businesses. Applications and databases that support KMIP can deploy Alliance Key Manager to easily begin protecting encryption keys. 

Enterprise Compatibility

Alliance Key Manager for VMware Cloud on AWS supports all major enterprise platforms and offers a wide variety of client side applications.  With over 3,000 customers worldwide protecting information in Microsoft SQL Server, MongoDB, Oracle, and other databases, Alliance Key Manager for VMware Cloud on AWS is an easy to deploy, native centralized key management solution for VMware users.

Sample Client Binary and Source Applications

Binary key retrieval and encryption libraries are provided for all major operating systems to enable rapid deployment of encryption key retrieval or on-device encryption applications. Sample source code is also provided for Java, .NET (C#), C, and RPG applications. 

Complete Audit Trail

Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity. 

VMware Ready Status

Alliance Key Manager for VMware Cloud on AWS has achieved VMware Ready status. This designation indicates that after a detailed validation process Alliance Key Manager for VMware Cloud on AWS has achieved VMware’s highest level of endorsement and is supported on VMware ESXi  (all supported versions) for production environments.       

Pricing Options for Your Needs & Budget

With subscription and perpetual licensed options for the Alliance Key Manager, we have licensing options to fit your needs and budget. Additionally, there are never extra fees for deploying additional nodes, databases or applications - giving your encryption strategy the freedom to scale without having to come up with budget for added licenses.

Deployment & Training Services Are Included
Complexity is usually the largest concern in integrating encryption key management.  Townsend Security has simplified the process. When businesses choose Alliance Key Manager, they not only receive industry leading encryption key management, but free deployment and security hardening services. Townsend Security’s services team will: 

• Install and initialize Alliance Key Manager (AKM) virtual image
• TLS certificate management, download and expiration date tracking
• Redundancy implementation of mirroring
• Backup configuration support
• Security log forwarding via Syslog
• MFA activation
• Installation and configuration of Admin Console for key lifecycle management
• Key retrieval configuration including vSphere, SQL TDE, MongoDB TDE, etc... 

VMware Technology Alliance Partner

Townsend Security is a VMware Technology Alliance Partner (TAP) and Alliance Key Manager for VMware has achieved VMware Ready status.  This designation indicates that after a detailed validation process Alliance Key Manager for VMware Cloud on AWS has achieved VMware's highest level of endorsement.