Alliance Key Manager for IBM Cloud for VMware

Encryption Key Management for IBM Cloud for VMware

By running Alliance Key Manager for IBM Cloud for VMware, enterprises can encrypt VMs and vSAN virtual directories and protect private information in their applications and databases with a dedicated key manager - with no access to encryption keys by IBM Cloud.

    Encryption and Key Management on IBM Cloud for VMware
    As VMware users turn to IBM Cloud, they bring their sensitive data with them – customer names, email addresses and other personally identifiable information (PII). While compliance regulations require protecting this information, encrypting this data has been a challenge for organizations who want the flexibility and security of a native VMware encryption key manager. By deploying Alliance Key Manager for IBM Cloud for VMware, customers can achieve their security and efficiency goals in a cloud environment.


    Encrypt VMs and vSAN storage
    Alliance Key Manager can encrypt your VMs and vSAN storage that are managed by vSphere. Leveraging the KMIP interface in vSphere you can define one or more key managers to protect the encryption keys used to encrypt VMs and vSAN. Encrypting VMs and vSAN storage provides a rapid path to meeting security best practices and compliance regulations. There is no limit to the number of VMs or vSAN storage pools that you can protect. 


    Meet Compliance Requirements
    For VMware users who need to meet compliance, the solution has been validated for PCI DSS in VMware by Coalfire, a PCI-qualified QSA assessor and independent IT and audit firm.  Enterprises across all industry verticals, regardless of where they deploy VMware, are subject to PCI DSS compliance if they process electronic payments.  For VMware customers, FIPS 140-2 compliant encryption and key management are a key defense for data security.  Additionally, Alliance Key Manager for IBM Cloud for VMware can also help businesses meet other compliance regulations such as GDPR, CCPA, HIPAA, GLBA/FFIEC, FISMA, etc.


    Key Management Interoperability Protocol (KMIP) Support
    Meeting the OASIS KMIP standard enables interoperable communication between cryptographic environments and encryption key managers – which reduces the operational, training, and infrastructure costs for businesses. Applications and databases that support KMIP can deploy Alliance Key Manager to easily begin protecting encryption keys. 


    Enterprise Compatibility
    Alliance Key Manager for IBM Cloud for VMware supports all major enterprise platforms and offers a wide variety of client side applications.  With over 3,000 customers worldwide protecting information in Microsoft SQL Server, MongoDB, MySQL, and other databases, Alliance Key Manager for IBM Cloud for VMware is an easy to deploy, native centralized key management solution for VMware users.


    Encryption Key Management for Edge Computing
    Edge computing requires that applications and infrastructure move closer to end users to achieve performance and availability goals. For edge computing customers, this often means that application deployments move to cloud or remote on-premise facilities. With Alliance Key Manager for Edge Computing, businesses can affordably extend Alliance Key Manager to edge environments - in the cloud or on-premise. If you need encryption key management at the edge, contact us about our special program and pricing.


    Sample Client Binary and Source Applications
    Binary key retrieval and encryption libraries are provided for all major operating systems to enable rapid deployment of encryption key retrieval or on-device encryption applications. Sample source code is also provided for Python, PHP, Java, .NET (C#), C, and RPG applications. 


    Complete Audit Trail
    Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity. 


    VMware Ready Status
    Alliance Key Manager for IBM Cloud for VMware has achieved VMware Ready status. This designation indicates that after a detailed validation process Alliance Key Manager for IBM Cloud for VMware has achieved VMware’s highest level of endorsement and is supported on VMware ESXi  (all supported versions) for production environments.       


    Pricing Options for Your Needs & Budget
    With subscription and perpetual licensed options for the Alliance Key Manager, we have licensing options to fit your needs and budget. Additionally, there are never extra fees for deploying additional nodes, databases or applications - giving your encryption strategy the freedom to scale without having to come up with budget for added licenses.


    Deployment & Training Services Are Included
    Complexity is usually the largest concern in integrating encryption key management.  Townsend Security has simplified the process. When businesses choose Alliance Key Manager, they not only receive industry leading encryption key management, but free deployment and security hardening services. Townsend Security’s services team will: 

    • Install and initialize Alliance Key Manager (AKM) virtual image
    • TLS certificate management, download and expiration date tracking
    • Redundancy implementation of mirroring
    • Backup configuration support
    • Security log forwarding via Syslog
    • MFA activation
    • Installation and configuration of Admin Console for key lifecycle management
    • Key retrieval configuration including vSphere, SQL TDE, MongoDB TDE, etc... 


    Encryption Services

    128-bit AES encryption and decryption, ECB mode

    192-bit AES encryption and decryption, ECB mode

    256-bit AES encryption and decryption, ECB mode

    128-bit AES encryption and decryption, CBC mode

    192-bit AES encryption and decryption, CBC mode

    256-bit AES encryption and decryption, CBC mode

    Key Sizes

    AES 128, 192, 256 bit symmetric keys

    RSA 1024,2048, 3072, 4096 bit asymmetric keys

    Supported Environments

    VMware ESX

    VMware vSphere (ESXi)

    vSphere 6.5 and later

    vSAN 6.6 and later