StorMagic SvKMS: Encryption key management that adapts to any environment
StorMagic SvKMS is an encryption key management solution that can be deployed in any environment. It simplifies complex security and key management infrastructure by providing centralized management and, illustrated in fig. 1, the ability to deploy a KMS to wherever it is needed. This makes it perfect not only for the datacenter, but for the cloud and edge computing environments as well.
Whether on-prem, cloud or multi-cloud, SvKMS offers organizations the flexibility to locate their key management resources where required. It eliminates the need for hardware security modules (HSMs) and uses a REST API for easy integrations into any workflow with custom key imports facilitating an easy transition from legacy solutions.
StorMagic SvKMS is FIPS 140-2 certified, allows advanced identification and access management through SAML 2.0, and can be configured as a single- or multi-tenanted solution, making it an ideal choice for managed security solution providers.
This data sheet is broken down into four sections, covering the features in SvKMS, its requirements, hardware and software compatibility, and finally support levels.
Fig. 1: A typical SvKMS deployment serving keys remotely to any environment or workflow.
StorMagic SvKMS includes a comprehensive suite of features allowing control of the full key management lifecycle. These features are detailed in the table at the end of this document.
SvKMS has been built around maximizing the KMIP open standard to enable organizations to leverage it as part of their key management operations. With SvKMS you can centrally manage, store, and consolidate encryption key management tasks across cloud, SaaS, on-premise systems, and endpoint devices like mobile and IoT.
SvKMS gives customers the ability to deploy a flexible architecture with an option to bring your own key (BYOK). BYOK ensures encryption keys remain in the hands of the business, regardless of location. This gives business users control for data held off-premise – if the content owner disables access to the keys, it becomes impossible for the information to be decrypted by any third party.
Custom key import
Over time, an organization may have anything from hundreds to millions of keys being used within a complex cryptographic environment. SvKMS’s custom key import feature allows users to import keys that may have created by another key manager in a common format, or through a custom algorithm – including PGP, GPG, DES, CAST and Blowfish.
REST API integration and automation
Manually addressing all key management functions at the application level is time-consuming and inefficient, and old-style key managers are driven by complex, error-prone command line interfaces. StorMagic SvKMS has a flexible and robust REST API, allowing organizations to automate key management functions and create streamlined workflows.
Licensing and pricing
SvKMS is licensed on a per-node basis, with a Master Node license required, and subsequent Additional Node licenses depending on the size of the cluster. The base license grants the organization the use of up to 250 keys within the cluster, at no additional cost. If more than 250 keys are required for the cluster, these are charged individually per key.
A support contract of a minimum of 1 year must also be purchased with each SvKMS license. Customers can choose either Gold or Platinum levels of support over 1, 3 or 5 year terms. More information on these levels can be found in the Support section of this data sheet. Master Nodes and Additional Nodes must have the same level of support – the support levels cannot be mixed.
The SvKMS licenses are perpetual – they require just a single one-time payment and have full enterprise functionality included. The only ongoing payment that the customer must consider is the support contract, which must be renewed to retain functionality, support, patches and bug fixes.
A free, fully functional evaluation of SvKMS is available to download, enabling organizations to trial and experience the features and benefits of SvKMS, before purchasing.
For more information and to download an evaluation copy, visit stormagic.com/trial
|SvKMS Features||SvKMS 2.3|
|REST API – web page with more information
|BYOK/CSEK – web page with more information
|Conforms to KMIP server specifications – web page with more information
|Cluster management and high availability (HA)
|Full key management lifecycle
|Robust key management operations
|Painless backup and restore
|Hybrid on-premise/cloud configuration
|Proactive insights (manage notifications and alerts)
|Role-based access control (RBAC)
|Custom key import and HSM extension – web page with more information
|Sophisticated, single user interface (UI)
|Detailed auditing and logging, exportable to popular SIEMs
|FIPS 140-2 Level 1 compliance
|Advanced identity and access control
StorMagic SvKMS has the following minimum hardware requirements:
1Minimum of 8GB RAM required, 16GB recommended for large environments.
220GB HDD minimum requirement. For optimal performance, 40GB HDD recommended.
Hardware and Software Compatibility
StorMagic SvKMS is compatible with any x86 server, providing it meets the minimum requirements listed above. Furthermore, it can be run in any cloud and on any hypervisor, and has numerous integrations with other software solutions. Further details of these can be found in the tables below.
Cloud Platform Compatibility
Four major cloud providers – AWS, Azure, Google, Openstack – are supported by SvKMS and the solution can be deployed across one, or multiple providers, as required.
|Cloud Platform||SvKMS version|
|OpenStack – Version 15 (Train)|
SvKMS supports many different hypervisors, including VMware vSphere, Microsoft Hyper-V, Linux KVM, Nutanix AHV and Oracle VirtualBox. It is installed as a VM on top of the hypervisor, allowing advanced hypervisor features to be leveraged such as high availability and fault tolerance. The table below outlines SvKMS’ compatibility with different hypervisor versions.
|VMware||vSphere 6.7 & updates|
|vSphere 6.5 & updates|
|Microsoft||Windows Server 2016|
|Hyper-V Server 2016|
|Linux KVM||CentOS 8.0|
|Ubuntu 18.04 LTS|
There are a number of additional storage and database integrations for SvKMS that allow it to simplify the key management of an organization’s infrastructure. These are generally achieved through the use of KMIP. The integrations are listed below:
|VMware vSphere and vSAN||Enables vSphere VM encryption, via KMIP integration|
|Nutanix||Enables the use of self encrypting drives (SEDs), via KMIP integration|
|IBM DB2||SvKMS can create a centralized key store when using DB2 native encryption|
|MongoDB||Enables data-at-rest encryption through storage-based symmetric key encryption, via KMIP|
|NetApp ONTAP||SvKMS can act as a key management server for volume encryption, via KMIP|
|Veritas||SvKMS can act as the key management server for Veritas Netbackup encryption, via KMIP|
|Commvault||Using KMIP, SvKMS protects Commvault software encryption keys stored in a CommServe database|
SvKMS Maintenance and Support
SvKMS Maintenance & Support provides organizations with access to StorMagic support resources, including product updates, knowledgebase access and email support with our technical support staff.
Two levels are available. A summary of each is shown in the table below:
|Gold Support||Platinum Support|
|Hours of operation||8 hours a day1 (Mon – Fri)||24 hours a day2, (7 days a week)|
|Length of service||1, 3 or 5 years||1, 3 or 5 years|
|Access method||Email + Telephone
engagement form on
|Response method||Email + Webex||Email + Telephone +
|Maximum number of support administrators per contract||2||4|
|Response time||4 hours||1 hour|
1Gold Support is only available within the timezones of UTC/DST 07:00 to UTC/DST 01:00. If you fall outside of this range, you must purchase Platinum Support.
2Global, 24×7 support for Severity 1 – Critical Down & Severity 2 Degraded issues