Centralized Encryption Key Management Server (KMS)

Alliance Key Manager

Centrally manage your organization’s encryption keys with FIPS 140-2 compliant encryption key management.


    NIST CompliantImprove Security with Enterprise Key Management

    Once data is encrypted, your private information depends on enterprise level key management to keep that data safe.  The solution provides high availability, standards-based enterprise encryption key management to a wide range of applications and databases.


    FIPS 140-2 CompliantCompliant. Comprehensive. Cost Effective.

    Alliance Key Manager is a FIPS 140-2 compliant enterprise key manager that helps organizations meet compliance requirements and protect private information. The symmetric encryption key management solution creates, manages, and distributes 128-bit, 192-bit, and 256-bit AES keys for any application or database running on any Enterprise operating system. At no extra charge, deploy Townsend Security’s ready-to-use security applications for MongoDB, Microsoft SQL Server Transparent Data Encryption (TDE) and Cell Level Encryption (CLE), Microsoft SharePoint encryption, and other applications. There are never extra fees for based on the number of nodes/databases or deploying client-side applications.


    Validated to meet PCI DSSMeet PCI DSS Encryption Key Management Requirements

    For VMware users who need to meet compliance, Alliance Key Manager has been validated for PCI DSS in VMware by Coalfire, a PCI-qualified QSA assessor and independent IT and audit firm.  Enterprises across all industry verticals, regardless of where they deploy VMware, are subject to PCI DSS compliance if they process electronic payments.


    PCI DSS ValidatedKey Access Control Addresses PCI-DSS Requirements

    Encryption keys can be restricted based on several criteria. The most permissive level requires a secure and authenticated TLS session to the key server. Individual encryption keys can be restricted to users, groups, or specific users in groups. Enterprise-wide groups can be defined and keys can be restricted to Enterprise users, groups, or specific users in groups.



    Encryption and key management can help meet privacy requirements of the EU General Data Protection Regulation (GDPR), as well as the right of erasure (right to be forgotten).



    KMIP CompliantKey Management Interoperability Protocol (KMIP) Support

    Meeting the OASIS KMIP standard enables interoperable communication between cryptographic environments and encryption key managers – which reduces the operational, training, and infrastructure costs for businesses. Applications and databases that support KMIP can deploy Alliance Key Manager to easily begin protecting encryption keys.


    Enterprise ReadyEnterprise Compatibility

    Works with all major business platforms (IBM Power Systems i, IBM System z, Windows, and Linux), leading encryption applications, and legacy devices.  Alliance Key Manager is trusted by over 3,000 customers worldwide to protect intellectual property (IP), personally identifiable information (PII), and protected health information (PHI).


    SDK and applicationsSample Client Binary and Source Applications

    Binary key retrieval and encryption libraries are provided for all major operating systems to enable rapid deployment of encryption key retrieval or on-device encryption applications. Sample source code is also provided for Java, .NET (C#), C, RPG, and COBOL applications.


    High AvailabilityDependable, Reliable and Secure

    Alliance Key Manager mirrors keys between multiple key management appliances over a secure and mutually authenticated TLS connection for hot backup and disaster recovery support. Organizations can choose to mirror key managers on-premises, in the cloud, or a hybrid of the two.


    Complete Audit TrailComplete Audit Trail

    Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity.  



    Full Lifecycle Key ManagementKey Change and Rotation

    Automatically or manually rotate encryption keys. Security administrators can define the frequency of key rotation based on internal security policies. When a key change occurs, the new version is created and the old version is moved to a historical database and available for cryptographic operations.


    GUI System AdministrationGUI System Administration

    Alliance Key Manager provides a Java GUI application to create and manage encryption keys and access policies. All access to security administration is authenticated using TLS client and server authentication. A system option allows requiring multiple security administrator logins to meet compliance regulations for Dual Control. 


    Encryption ServiceOn-device Encryption and Decryption Services

    For applications that require the highest level of security, you can use the on-board NIST-compliant encryption and decryption services. The encryption key never leaves the key server device with on-board encryption services.   Small chunks of data, such as credit card numbers, Social Security numbers, e-mail addresses, etc., are prime examples of things you can use onboard encryption for effectively.


    Key Management PlatformsKey Management for Your Platform

    Customers can deploy Alliance Key Manager in VMware, or in the cloud (AWS, Azure, IBM Cloud).  Regardless of the platform, Alliance Key Manager runs the same FIPS 140-2 compliant software, allowing organizations to meet compliance requirements (PCI DSS, HIPAA, GDPR, etc.) and security best practices.


    ISV IntegrationISV Integration Features

    ISV and OEM customers can rapidly deploy embedded key management solutions using Alliance Key Manager's binary APIs. Encryption keys include user-defined fields for encryption key cross-reference requirements. Townsend Security works with ISVs and OEMs for branded and independently NIST validated solutions.  


    OEM IntegrationOEM Integration

    Alliance Key Manager is built for OEM integration.  Learn more about our OEM program and how to boost revenue and stay ahead of the competition.




    Interactive Graphic Symbol@2x.png This is an interactive graphic, click on the numbers above to learn more about each step

    Certifications and Validations

    NIST AES compliance (ECB and CBC modes of encryption)

    NIST SHA validation

    NIST RNG validation (x9.31)

    NIST HMAC validation

    NIST FIPS 140-2, level 1




    Microsoft SQL Server


    Encryption Services

    128-bit AES encryption and decryption, ECB mode

    192-bit AES encryption and decryption, ECB mode

    256-bit AES encryption and decryption, ECB mode

    128-bit AES encryption and decryption, CBC mode

    192-bit AES encryption and decryption, CBC mode

    256-bit AES encryption and decryption, CBC mode

    HSM Specifications

    Memory: 2GB RAM

    Processor: Intel I3-540, DUAL CORE, 3.06GHZ

    Storage: 2 x 300GB 15K SAS, RAID, Hot Swap

    Dimensions: 16.8” (W) x 1.7” (H) x 16.8” (D)

    Weight: 37.0 lbs ship weight

    Power: Dual redundant 100/240 VAC  (auto-range); 280W, 955 BTU/HR

    Temperature: 10°C ~ 35°C

    Humidity: 8 to 90%, non-condensing

    Compliance: CS, FCC, RoHS, VCCI


    TLS authenticated secure communications

    GUI console for key management

    Secure web application for server management

    Key Sizes

    AES 128, 192, 256 bit symmetric keys

    RSA 1024,2048, 3072, 4096 bit asymmetric keys

    Network Management



    Automatic log rotation

    Secure encrypted and integrity checked backups

    Case Studies

    Citizens Security Life Insurance (CSLI)

    Compliance Made Easy - Protecting Private Information with Alliance AES/400 Encryption for IBM i and Alliance Key Manager for VMware.

    Monitronics Security & Alliance Key Manager for VMware

    Understanding the importance of security, Monitronics turned to Townsend Security to protect their customers’ personal data with encryption and key management. 


    Quantum realizes revenue increase with custom encryption key management.  

    SlimTrader Protects Africa’s Personal Data

    SlimTrader says, “AKM for AWS is a Godsend. Finally we can do encryption and key management properly.”


    2018 Encryption Key Management: Industry Perspectives & Trends

    Security professionals know that encryption and key management are crucial to their security strategy and are often their biggest challenge. While encryption is a core security requirement, many organizations are lagging in regards to key management.       

    Encryption & Key Management Best Practices

    Following encryption and key management best practices is critical to protecting your sensitive data and preventing unwanted access to that data by hackers or by unauthorized employees. 

    Encryption Key Management Simplified

    This eBook is designed for both IT Administrators and Business Executives to learn the fundamentals of encryption key management.

    Overcome the Top 5 Fears of Encryption & Key Management

    This eBook is designed to help both IT Administrators and Business Executives overcome these top fears of encryption and key management. 

    Shift Left - Designing Applications for Encryption & Key Management

    Learn how to approach data security (encryption and key management) both from a design point of view as well as from an implementation point of view.

    The Definitive Guide to Encryption Key Management Fundamentals

    This eBook offers a definitive guide to protecting your encryption keys through their entire life-cycle.

    Solution Briefs

    Alliance Key Manager

    Alliance Key Manager (AKM) is a solution that provides Enterprise customers, OEMs, and ISVs with a secure method of managing encryption keys for their data security applications.

    Alliance Key Manager & The Cloud

    Learn how Alliance Key Manager helps meet the recommendations of the Cloud Security Alliance.

    Alliance Key Manager for VMware

    Using the same FIPS 140-2 compliant technology that is in Townsend Security’s (HSM), Alliance Key Manager for VMware enables enterprises to meet compliance requirements and accelerate deployment of mission critical security technology.

    Alliance Key Manager for Windows

    The biggest challenge to Windows users deploying encryption is the proper implementation of key management.

    Alliance Key Manager Platforms

    Alliance Key Manager is an encryption key manager that is available as a hardware security module (HSM), cloud HSM, VMware, or in the cloud (Microsoft Azure, Amazon Web Services, vCloud, etc.)

    Alliance Key Manager Platforms and Languages

    Alliance Key Manager (AKM) provides the strong protection for encryption keys that is central to a secure encryption strategy.

    Key Connection for Encrpytionizer

    Enterprises using NetLib’s Encryptionizer solution for whole database, column, file, folder and back up encryption can manage their encryption keys with KeyConnection for Encryptionizer.

    Key Connection for SQL Server

    Whether encrypting data with Transparent Data Encryption (TDE) or Cell Level Encryption on Microsoft SQL Server, managing the encryption keys with an encryption key manager is the best way to ensure the encrypted data remains secure.


    Alliance Key Manager

    Alliance Key Manager works with all major business platforms, cloud platforms, and leading encryption applications.

    White Papers

    Critical Steps to Encryption & Key Management in Microsoft Azure Cloud

    Authored by Stephen Wynkoop, SQL Server MVP and Founder/Editor at SSWUG.ORG, this white paper discusses the options and responsibilities for managing encryption in the Microsoft Azure Cloud.

    Encryption & Key Management in the Multi-Platform Environment

    The modern enterprise deploys a variety of server platforms, operating systems, and programming languages. A major barrier to deploying encryption has been the challenge of accessing encryption keys from these widely divergent environments.

    Encryption Key Management for IBM i

    Meeting compliance regulations for managing encryption keys is a challenge for IBM i administrators.  Understanding the core concepts presented in this white paper can prevent a variety of problems.

    Encryption Key Management for Microsoft SQL Server

    Organizations continue to experience billions in damaging losses due to data breaches. Protecting your SQL Server database with encryption is easier than ever.