Key Management for vSphere Encryption

Alliance Key Manager for vSphere Encryption

Key Management for vSphere Encryption
800.357.1019
800.357.1019

Alliance Key Manager for vSphere Encryption enables VMware customers to use native vSphere and vSAN encryption to protect VMware images and digital assets while deploying a secure, compliant and affordable key manager. VMware customers can deploy multiple, redundant key servers as a part of the KMS Cluster configuration for maximum resilience and high availability. Meet compliance regulations and security best practices for your organization.

Encryption and Key Management for vSphere

VMware virtualization has been a game-changing technology for IT, providing efficiencies and capabilities that have previously been impossible for organizations constrained within a traditional IT data center world. With vSphere version 6.5 and vSAN version 6.6 VMware customers now have the ability to encrypt VMware managed virtual machines and virtual disk using Alliance Key Manager. Using the same FIPS 140-2 compliant technology that is in our hardware security module (HSM) and in use by over 3,000 customers, Alliance Key Manager for VMware brings a proven and mature encryption key management solution to vSphere encryption, with a lower total cost of ownership.
 
Certified by VMware

Alliance Key Manager is certified by VMware for use with vSphere version 6.5 and later, and for vSAN version 6.6. Customers can use a VMware certified and PCI-compliant key manager to both protect databases in VMware instances (SQL Server, MongoDB, etc.) and can now use the same VMware certified key manager to protect vSphere and vSAN managed assets.


Benefits of Encryption and Key Management Completely within VMware

By deploying Alliance Key Manager for VMware as a virtualized encryption key manager, enterprises are able to reduce hardware costs, lower operational costs, minimize the IT footprint, and a clear path for a future move to the cloud. In addition to supporting vSphere and vSAN encryption, Alliance Key Manager supports application and database encryption in deployed VMware virtual servers.


Meet Compliance Requirements

For VMware users who need to meet compliance, the key manager has been validated to the PCI Data Security Standard (PCI-DSS) in VMware by Coalfire, a PCI-qualified QSA assessor and independent IT and audit firm.  Enterprises across all industry verticals, regardless of where they deploy VMware, are subject to PCI-DSS compliance if they process electronic payments.  For VMware customers, FIPS 140-2 compliant encryption and key management for vSphere are a key defense for data security.  Additionally, Alliance Key Manager for VMware can also help businesses meet other compliance regulations such as GDPR, HIPAA, GLBA/FFIEC, FISMA, etc.  


Encryption and Key Management in the Cloud

As enterprises adopt Public and Private clouds, they bring their sensitive data with them – customer names, email addresses and other personally identifiable information (PII). While compliance regulations require protecting this information, encrypting this data has been a challenge for organizations who want the flexibility and security of a native VMware solution. By deploying Alliance Key Manager for VMware as a vCloud or AWS instance, customers can achieve their security and efficiency goals in a cloud environment. As you move to the cloud Alliance Key Manager for VMware will make the migration easy. 


Supported Versions of vSphere and vSAN

Alliance Key Manager for VMware version 4.6 supports and is certified for vSphere version 6.5 and later, and vSAN version 6.6 and later. Current Alliance Key Manager customers on a support contract can upgrade to version 4.6 at no charge. 


VMware Technology Alliance Partner

Townsend Security is a VMware Technology Alliance Partner (TAP) and Alliance Key Manager for VMware has achieved VMware Ready status.  This designation indicates that after a detailed validation process Alliance Key Manager for VMware has achieved VMware's highest level of endorsement.
 

Encryption Services

128-bit AES encryption and decryption, ECB mode

192-bit AES encryption and decryption, ECB mode

256-bit AES encryption and decryption, ECB mode

128-bit AES encryption and decryption, CBC mode

192-bit AES encryption and decryption, CBC mode

256-bit AES encryption and decryption, CBC mode

Key Sizes

AES 128, 192, 256 bit symmetric keys

RSA 1024,2048, 3072, 4096 bit asymmetric keys

Supported Environments

VMware ESX

vSphere 6.5 and later

vSAN 6.6 and later

Case Studies

Citizens Security Life Insurance (CSLI)

Compliance Made Easy - Protecting Private Information with Alliance AES/400 Encryption for IBM i and Alliance Key Manager for VMware.

Monitronics Security & Alliance Key Manager for VMware

Understanding the importance of security, Monitronics turned to Townsend Security to protect their customers’ personal data with encryption and key management. 

eBooks

VMware Encryption - 9 Components of a Defensible Encryption Strategy

Businesses processing sensitive data and running business critical applications in VMware must protect these assets using encryption. 

Solution Briefs

Alliance Key Manager for VMware

Using the same FIPS 140-2 compliant technology that is in Townsend Security’s (HSM), Alliance Key Manager for VMware enables enterprises to meet compliance requirements and accelerate deployment of mission critical security technology.

Alliance Key Manager for vSphere

VMware users can protect VM Images and vSAN with with Alliance Key Manager, Townsend Security’s FIPS 140-2 compliant encryption key manager.
 

Securing Alliance Key Manager for VMware

This paper discusses general security recommendations for the VMware environment as a whole and is based on guidance provided by standards organizations (Payment Card Industry, etc.), VMware, and independent security assessors.

Datasheets

Alliance Key Manager

Alliance Key Manager works with all major business platforms, cloud platforms, and leading encryption applications.

White Papers

Security Challenges and Considerations with VMware Encryption & Key Management

Applying security in a VMware environment introduces unique challenges.  When systems are no longer dedicated and share a common physical architecture, the issues of access and encryption controls is critical.

VMware Product Applicability Guide (PAG) for PCI DSS version 3.0

Working with Coalfire, a PCI-qualified QSA assessor and independent IT audit firm, Townsend Security has released of a PCI DSS Product Applicability Guide for Alliance Key Manager for VMware.