Encryption key management that adapts to any environment: SvKMS Data Sheet
StorMagic SvKMS is an encryption key management solution that can be deployed in any environment. It simplifies complex security and key management infrastructure by providing centralized management and, illustrated below, the ability to deploy a KMS to wherever it is needed. This makes it perfect not only for the datacenter, but for the cloud and edge computing environments as well.
Whether on-prem, cloud or multi-cloud, SvKMS offers organizations the flexibility to locate their key management resources where required. It eliminates the need for hardware security modules (HSMs) and uses a REST API for easy integrations into any workflow with custom key imports facilitating an easy transition from legacy solutions.
StorMagic SvKMS is FIPS 140-2 certified, allows advanced identification and access management through SAML 2.0, and can be configured as a single- or multi-tenanted solution, making it an ideal choice for managed security solution providers.
This data sheet is broken down into four sections, covering the features in SvKMS, its requirements, hardware and software compatibility, and finally support levels.
SvKMS Features
StorMagic SvKMS includes a comprehensive suite of features allowing control of the full key management lifecycle. These features are detailed in the table at the end of this document.
KMIP
SvKMS has been built around maximizing the KMIP open standard to enable organizations to leverage it as part of their key management operations. With SvKMS you can centrally manage, store, and consolidate encryption key management tasks across cloud, SaaS, on-premises systems, and endpoint devices like mobile and IoT.
BYOK
SvKMS gives customers the ability to deploy a flexible architecture with an option to bring your own key (BYOK). BYOK ensures encryption keys remain in the hands of the business, regardless of location. This gives business users control for data held off-premises – if the content owner disables access to the keys, it becomes impossible for the information to be decrypted by any third party.
Custom key import
Over time, an organization may have anything from hundreds to millions of keys being used within a complex cryptographic environment. SvKMS’s custom key import feature allows users to import keys that may have created by another key manager in a common format, or through a custom algorithm – including PGP, GPG, DES, CAST and Blowfish.
REST API integration and automation
Manually addressing all key management functions at the application level is time-consuming and inefficient, and old-style key managers are driven by complex, error-prone command line interfaces. StorMagic SvKMS has a flexible and robust REST API, allowing organizations to automate key management functions and create streamlined workflows.
Licensing and pricing
SvKMS is available in three tiers, known as ‘Editions’ – Essentials, Professional and Enterprise. Each Edition determines the type of use case and scale of the key management solution required. Depending on the Edition, SvKMS can be deployed as either an on-premises, or a cloud-based subscription service known as Key Management-as-a-Service (KMaaS). Details of the features included in each SvKMS Edition are provided in the features table at the end of the data sheet. More information on how SvKMS is licensed and priced can be found on the SvKMS Pricing webpage.
All StorMagic SvKMS subscriptions include our Platinum Enterprise Support service, which provides 24 hours per day, 7 days a week maintenance and support.
A free, fully functional evaluation of SvKMS is available to download, enabling organizations to trial and experience the features and benefits of SvKMS, before purchasing.
For more information and to download an evaluation copy, visit stormagic.com/trial.
System Requirements
StorMagic SvKMS is compatible with any x86 server, providing it meets the minimum hardware requirements, as listed in the table opposite.
Software Requirements
StorMagic SvKMS can be run in any cloud and on any hypervisor, and has numerous integrations with other software solutions. Further details of these can be found in the tables below.
Cloud Platform Compatibility
Four major cloud providers – AWS, Azure, Google and Openstack – are supported by SvKMS and outlined in the table opposite. The solution can be deployed across one, or multiple cloud providers, as required.
Hypervisor Compatibility
SvKMS supports many different hypervisors, including VMware vSphere, Microsoft Hyper-V, Linux KVM, Nutanix AHV and Oracle VirtualBox. It is installed as a VM on top of the hypervisor, allowing advanced hypervisor features to be leveraged such as high availability and fault tolerance. The table opposite outlines SvKMS’ compatibility with different hypervisor versions.
Integrations and Supported Workloads
Once SvKMS is deployed, it can be connected and integrated into many different services and workloads. The table below lists out the current available and documented integrations, however thanks to the REST API included within SvKMS, it can also easily integrate with proprietary applications within an organization. By bringing all of these workloads into a centralized key manager, the entire key management operation is dramatically simplified and far more secure.
For more detailed information on each of these integrations, alongside many others, please visit the SvKMS integrations page of the StorMagic website. Each solution’s integration is broken down in detail, with downloadable integration guides available for each one.
HSM Integrations
SvKMS also integrates with many leading HSM vendors, to provide centralized management and advanced key management capabilities to these hardware solutions that are typically favored by organizations for their reliability and ability to provide root-of-trust. The current list of compatible HSMs is detailed in the table opposite. For more information about how SvKMS integrates with HSMs, please visit the HSM extension page of the StorMagic website.
HSMs compatible with SvKMS:
Vendor | Model | SvKMS version | ||
2.4 | 2.5 | 2.6 | ||
Utimaco | CryptoServer CP5 | • | • | • |
Entrust | nShield Connect 5000+ | • | • | • |
nShield Connect 6000+ | • | |||
Thales | Luna 7.0 | • | • |
StorMagic SvKMS requirements:
CPU | 4x vCPUs |
Memory | 8GB RAM1 |
Disk | 20GB HDD2 |
2 20GB HDD minimum requirement. For optimal performance, 40GB HDD recommended.
Cloud service providers compatible with SvKMS:
Cloud Platform | SvKMS version | ||
2.4 | 2.5 | 2.6 | |
Google Cloud | • | • | • |
Amazon Web Services | • | • | • |
Microsoft Azure | • | • | • |
OpenStack – Version 15 (Train) | • | • | • |
Hypervisors compatible with SvKMS:
Hypervisor | SvKMS version | |||
2.4 | 2.5 | 2.6 | ||
VMware | vSphere 7.0 & updates | • | ||
vSphere 6.7 & updates | • | • | • | |
vSphere 6.5 & updates | • | • | • | |
Microsoft | Windows Server 2016 | • | • | • |
Hyper-V Server 2016 | • | • | • | |
Linux KVM | CentOS 8.0 | • | • | • |
CentOS 7.6 | • | • | • | |
RHEL 8.0 | • | • | • | |
RHEL 7.6 | • | • | • | |
Ubuntu 18.04 LTS | • | • | • | |
Oracle | VirtualBox 6.1 | • | • | • |
VirtualBox 6.0 | • | • | • | |
VirtualBox 5.2 | • | • | • | |
Nutanix | AHV 5.10 | • | • | • |
Integration | Explanation | SvKMS Version | ||
2.4 | 2.5 | 2.6 | ||
AWS EC2 and S3 | Support for external key management using BYOK | • | • | • |
Azure Key Vault Managed HSM | SvKMS can be used as an interface between Key Vault and third party HSMs | • | • | |
Azure Storage | Support for external key management using BYOK | • | • | • |
BitLocker | Use SvKMS to provide external, secure AES key protection for encryption and decryption of Windows drives | • | • | |
Commvault | SvKMS is a Commvault-certified key manager and uses KMIP to protect Commvault software encryption keys stored in a CommServe database | • | • | • |
Google Cloud EKM | Use SvKMS as an external key manager to protect data in Google Cloud, giving greater control than BYOK | • | • | |
IBM DB2 | SvKMS can create a centralized key store when using DB2 native encryption | • | • | • |
IBM Informix | Use KMIP for third party key management for storage space encryption (dbspaces, blobspaces, and smart blobspaces) | • | ||
MariaDB | SvKMS acts as a centralized key store for MariaDB native encryption, via the REST API | • | • | • |
MongoDB | Enables data-at-rest encryption through storage-based symmetric key encryption, via KMIP | • | • | • |
MySQL | Use SvKMS as a centralized key store for MySQL encryption, via KMIP | • | • | • |
NetApp ONTAP | SvKMS can act as a key management server for volume encryption, via KMIP | • | • | • |
Nutanix Prism | Enables the use of self encrypting drives (SEDs), via KMIP integration | • | • | • |
Salesforce Shield | Protect encrypted Salesforce data by using SvKMS as a key manager with BYOK | • | • | |
Veritas NetBackup | SvKMS can act as the key management server for Veritas Netbackup encryption, via KMIP | • | • | • |
VMware vSphere and vSAN | Enables vSphere VM encryption, via KMIP integration | • | • | • |
SvKMS Feature Table
SvKMS Features | Enterprise | Professional | Essentials |
---|---|---|---|
|
✓ | ✓ | |
|
Unlimited | 5 | 1 |
|
✓ | Up to 250 | Up to 50 |
|
✓ | ✓ | |
|
✓ | ✓ | |
|
✓ | ✓ | ✓ |
|
✓ | ✓ | ✓ |
|
✓ | ✓ | ✓ |
|
✓ | ✓ | ✓ |
|
N/A | N/A | N/A |
|
✓ | ✓ | ✓ |
|
✓ | ✓ | ✓ |
|
✓ | ||
|
✓ | ||
|
✓ | ✓ | |
|
✓ | ✓ | ✓ |
|
✓ | ✓ | ✓ |
|
✓ | ✓ | ✓ |
|
✓ | ✓ |