StorMagic SvKMS: Encryption key management that adapts to any environment


StorMagic SvKMS is an encryption key management solution that can be deployed in any environment. It simplifies complex security and key management infrastructure by providing centralized management and, as illustrated in Fig. 1, the ability to deploy a KMS wherever it is needed. This makes it perfect not only for the datacenter, but for the cloud and edge computing environments as well.

Whether on-prem, cloud or multi-cloud, SvKMS offers organizations the flexibility to locate their key management resources where required. It eliminates the need for hardware security modules (HSMs) and uses a REST API for easy integration into any workflow, with custom key imports facilitating an easy transition from legacy solutions.

StorMagic SvKMS is FIPS 140-2 certified, allows advanced identification and access management through SAML 2.0, and can be configured as a single- or multi-tenanted solution, making it an ideal choice for managed security solution providers.

This data sheet is broken down into four sections, covering the features in SvKMS, its requirements, hardware and software compatibility, and finally support levels.

Fig. 1: A typical SvKMS deployment serving keys remotely to any environment or workflow.

SvKMS Features

StorMagic SvKMS includes a comprehensive suite of features allowing control of the full key management lifecycle. These features are detailed in the table at the end of this document.

KMIP

SvKMS has been built around maximizing the KMIP open standard to enable organizations to leverage it as part of their key management operations. With SvKMS you can centrally manage, store, and consolidate encryption key management tasks across cloud, SaaS, on-premise systems, and endpoint devices like mobile and IoT.

BYOK

SvKMS gives customers the ability to deploy a flexible architecture with an option to bring your own key (BYOK). BYOK ensures encryption keys remain in the hands of the business, regardless of location. This gives business users control for data held off-premise – if the content owner disables access to the keys, it becomes impossible for the information to be decrypted by any third party.

Custom key import

Over time, an organization may have anything from hundreds to millions of keys being used within a complex cryptographic environment. SvKMS’s custom key import feature allows users to import keys that may have been created by another key manager in a common format, or through a custom algorithm – including PGP, GPG, DES, CAST and Blowfish.

REST API integration and automation

Manually addressing all key management functions at the application level is time-consuming and inefficient, and old-style key managers are driven by complex, error-prone command line interfaces. StorMagic SvKMS has a flexible and robust REST API, allowing organizations to automate key management functions and create streamlined workflows.

Licensing and pricing

SvKMS is licensed on a per-node basis, with a Master Node license required, and subsequent Additional Node licenses depending on the size of the cluster. The base license grants the organization the use of up to 250 keys within the cluster, at no additional cost. If more than 250 keys are required for the cluster, these are charged individually per key.

A support contract of a minimum of 1 year must also be purchased with each SvKMS license. Customers can choose either Gold or Platinum levels of support over 1, 3 or 5 year terms. More information on these levels can be found in the Support section of this data sheet. Master Nodes and Additional Nodes must have the same level of support – the support levels cannot be mixed.

The SvKMS licenses are perpetual – they require just a single one-time payment and have full enterprise functionality included. The only ongoing payment that the customer must consider is the support contract, which must be renewed to retain functionality, support, patches and bug fixes.

A free, fully functional evaluation of SvKMS is available to download, enabling organizations to trial and experience the features and benefits of SvKMS, before purchasing.

For more information and to download an evaluation copy, visit stormagic.com/trial

SvKMS Features (all included in SvKMS 2.3)

REST API

  • Applications can connect, interact and integrate directly with SvKMS.
  • A common interface for key management operations (get, fetch, rotate, etc.)
  • Build automation workflows and integrate with use cases limited by previous standards like PKCS#11.

BYOK/CSEK

  • Encrypt data and retain control and management of encryption keys even in the cloud.
  • Generate strong keys and control secure export of keys to the cloud, strengthening key management practices.
  • Separate the lock (encryption) from the key (encryption key)

Conforms to KMIP server specifications

  • Only one key management service is necessary to facilitate all key encryption requirements.
  • Deploy as a KMIP server in a virtual environment in minutes, for a fraction of the cost and effort of an HSM.
  • Reduce overheads/administration related to managing encrypted data, such as tape drives, databases, storage array and software, through centralized management.

Cluster management and high availability (HA)

  • Easily activate a new key management installation.
  • Simple KMS setup for both a single instance and a complex HA cluster.
  • Supports both two and 2N+1 configurations.

Full key management lifecycle

  • Ensure compliance and enact robust key policies.

Robust key management operations

  • Ensure key management requests are restricted to specific IP addresses so only authorized personnel and systems can access keys.
  • Automate rotations to improve security and meet policy guidelines, as well as reduce administrative overhead.
  • Perform key management functions (create, delete, rotate etc.) in bulk to increase efficiency.

Painless backup and restore

  • Saves and stores the current SvKMS state for future restoration.
  • Set on-demand and scheduled backups to an external location, restoring them when required.

Hybrid on-premise/cloud configuration

  • Generate, store and provision keys on-premise, in the datacenter and/or in private, public or multi-clouds.

Proactive insights (manage notifications and alerts)

  • Audits all activity related to key data that can include anything from key creation, to rotation and compromise.
  • Provides alerts on activity in a cryptographic system that requires further investigation in order to detect and prevent breaches or other issues.

Role-based access control (RBAC)

  • Allows the administrator to segment and control access to encrypted systems.
  • Allows groups to handle who may access a key. For example, a group for databases may allow certain key users access to unencrypt certain data but may exclude other key users within the storage group.

Custom key import and HSM extension

  • Manage old key types and secrets – such as PGP, DES, CAST and Blowfish – from one centralized key manager.
  • Consolidate key management into a single pane of glass, while extending the life of in-house hardware security modules (HSMs).
  • Can serve as an abstraction in front of an HSM, provisioning keys out through the key manager which can then perform many key management lifecycle functions.

Sophisticated, single user interface (UI)

  • Simplifies the encryption process through an easy-to-use and modern UI.
  • Provides both a UI and API to manage many key management functions and use cases, all from one interface.

Detailed auditing and logging, exportable to popular SIEMs

  • Analyze and report on key management activities to uncover potential threats.
  • Collects data through the use of the syslog format, which can then be exported to external SIEM tools.

FIPS 140-2 Level 1 compliance

  • Meets the highest levels of NIST compliance for a key management software product.

Advanced identity and access control

  • Supports certificate authority functions including signing, revocation, time and date.
  • Supports version 2 of the Security Assertion Markup Language (SAML) standard.
  • Integrates with any SAML-standard identity providers including ADFS and OKTA.

System requirements

StorMagic SvKMS has the following minimum hardware requirements:

| Resource | Minimum requirement |
|---|---|
| CPU | 4x vCPUs |
| Memory | 8GB RAM [1] |
| Disk | 20GB HDD [2] |

[1] Minimum of 8GB RAM required, 16GB recommended for large environments.
[2] 20GB HDD minimum requirement. For optimal performance, 40GB HDD recommended.

Hardware and Software Compatibility

StorMagic SvKMS is compatible with any x86 server, providing it meets the minimum requirements listed above. Furthermore, it can be run in any cloud and on any hypervisor, and has numerous integrations with other software solutions. Further details of these can be found in the tables below.

Cloud Platform Compatibility

Four major cloud providers – AWS, Azure, Google, OpenStack – are supported by SvKMS and the solution can be deployed across one, or multiple providers, as required.

| Cloud Platform | SvKMS 2.3 |
|---|---|
| Google Cloud | Yes |
| Amazon EC2 | Yes |
| Microsoft Azure | Yes |
| OpenStack – Version 15 (Train) | Yes |

Hypervisor Compatibility

SvKMS supports many different hypervisors, including VMware vSphere, Microsoft Hyper-V, Linux KVM, Nutanix AHV and Oracle VirtualBox. It is installed as a VM on top of the hypervisor, allowing advanced hypervisor features to be leveraged such as high availability and fault tolerance. The table below outlines SvKMS’ compatibility with different hypervisor versions.

| Hypervisor | Version | SvKMS 2.3 |
|---|---|---|
| VMware | vSphere 6.7 & updates | Yes |
| VMware | vSphere 6.5 & updates | Yes |
| Microsoft | Windows Server 2016 | Yes |
| Microsoft | Hyper-V Server 2016 | Yes |
| Linux KVM | CentOS 8.0 | Yes |
| Linux KVM | CentOS 7.6 | Yes |
| Linux KVM | RHEL 8.0 | Yes |
| Linux KVM | RHEL 7.6 | Yes |
| Linux KVM | Ubuntu 18.04 LTS | Yes |
| Oracle | VirtualBox 6.1 | Yes |
| Oracle | VirtualBox 6.0 | Yes |
| Oracle | VirtualBox 5.2 | Yes |
| Nutanix | AHV 5.10 | Yes |

Additional Integrations

There are a number of additional storage and database integrations for SvKMS that allow it to simplify the key management of an organization’s infrastructure. These are generally achieved through the use of KMIP. The integrations are listed below:

| Integration | Explanation |
|---|---|
| VMware vSphere and vSAN | Enables vSphere VM encryption, via KMIP integration |
| Nutanix | Enables the use of self encrypting drives (SEDs), via KMIP integration |
| IBM DB2 | SvKMS can create a centralized key store when using DB2 native encryption |
| MongoDB | Enables data-at-rest encryption through storage-based symmetric key encryption, via KMIP |
| NetApp ONTAP | SvKMS can act as a key management server for volume encryption, via KMIP |
| Veritas | SvKMS can act as the key management server for Veritas Netbackup encryption, via KMIP |
| Commvault | Using KMIP, SvKMS protects Commvault software encryption keys stored in a CommServe database |

SvKMS Maintenance and Support

SvKMS Maintenance & Support provides organizations with access to StorMagic support resources, including product updates, knowledgebase access and email support with our technical support staff.

Two levels are available. A summary of each is shown in the table below:

| | Gold Support | Platinum Support |
|---|---|---|
| Hours of operation | 8 hours a day [1] (Mon – Fri) | 24 hours a day [2] (7 days a week) |
| Length of service | 1, 3 or 5 years | 1, 3 or 5 years |
| Product updates | Yes | Yes |
| Product upgrades | Yes | Yes |
| Access method | Email | Email + Telephone (via platinum engagement form on support.stormagic.com) |
| Response method | Email + Webex | Email + Telephone + WebEx |
| Maximum number of support administrators per contract | 2 | 4 |
| Response time | 4 hours | 1 hour |

[1] Gold Support is only available within the timezones of UTC/DST 07:00 to UTC/DST 01:00. If you fall outside of this range, you must purchase Platinum Support.
[2] Global, 24×7 support for Severity 1 – Critical Down & Severity 2 Degraded issues
