Utimaco ESKM is a complete solution for generating, storing, serving, controlling, and auditing access to encryption keys. It enables you to protect and preserve access to business-critical, sensitive, data-at-rest encryption keys, either locally or remotely. ESKM is the first industry-certified Key Management Interoperability Protocol (KMIP) v2.1.
Benefits of an External Key Manager
1. Serve a unique key to multiple Cloud Solution Provider
2 .Manage both ESKM-created, and CSP-created keys in the ESKM
3. Create keys using FIPS approved, Random Number Generator, backed by an HSM
4. The CSP doesn’t have access to your keys
5. You can justify the rationale behind the key access request
6. Data Sovereignty
Utimaco Virtual Enterprise Secure Key Manager (vESKM) Licensing Guide
Overview
This document provides a comprehensive guide for licensing the Virtual Enterprise Secure Key Manager (vESKM) solution. vESKM offers robust key management capabilities, ensuring secure data encryption across various platforms. The licensing structure is designed to provide flexibility and scalability to meet diverse organizational needs.
Core Component
SW-vESKM-V1 - Virtual ESKM Server (2 node Cluster)
The Virtual ESKM Server is the central component of the ESKM solution. This license enables the deployment of a 2-node ESKM cluster in a virtualized environment. It is essential for managing the encryption keys across your organization's infrastructure.
Features:
- High Availability: Ensures continuous operation with a 2-node cluster setup.
- Scalability: Easily expandable to accommodate growing organizational needs.
- Compatibility: Supports a wide range of virtualization platforms.
Client Licenses
To integrate various systems and applications with the ESKM server, specific client licenses are required. Each client license caters to different types of systems or protocols.
1. LIC-ESKM-CAL-SERVER - ESKM Client License for ProLiant and other Servers
This license is designed for ProLiant servers and other server types that require encryption key management for data-at-rest.
Key Features:
- Seamless Integration: Works with a wide range of server hardware.
- Secure Encryption: Provides robust key management for data-at-rest encryption.
2. LIC-ESKM-CAL-KMSNS - ESKM Client License for HPE NonStop & Tape Libraries
This license is tailored for HPE NonStop systems and tape libraries utilizing the Key Management Service (KMS) protocol.
Key Features:
- Specialized Support: Optimized for HPE NonStop systems and tape libraries.
- Protocol Compatibility: Designed for systems using the KMS protocol for key management.
3. LIC-ESKM-CAL-KMIP - ESKM Client License for any KMIP Integrated Client
This license is applicable for clients that are integrated with the Key Management Interoperability Protocol (KMIP).
Key Features:
- Broad Compatibility: Suitable for a wide range of KMIP-compliant clients.
- Standardized Protocol: Ensures interoperability and security in key management.
Licensing Process
Assessment: Determine your organization's specific key management needs, including the number and type of servers and clients.
Selection: Choose the appropriate ESKM server license and the relevant client licenses based on your infrastructure.
Activation: Activate the licenses on your ESKM server and client systems as per the provided instructions.
Compliance and Legal Considerations
Ensure that the use of ESKM and its components complies with local and international encryption regulations.
The licenses are non-transferable and are subject to the terms and conditions outlined in the End User License Agreement (EULA).
For further assistance or inquiries regarding ESKM licensing, please contact our support team or your local sales representative.
Utimaco Virtual Enterprise Secure Key Manager
UTIMACO’s virtual Enterprise Secure Key Manager (vESKM) is the most interoperable and integrated Key Manager in the market. It provides a pre-configured and hardened security virtual appliance that provides a unified service for creating, protecting, and delivering cryptographic keys to data encryption devices and applications across the distributed enterprise IT infrastructure. Through that it enables you to protect and ensure continuous access to business critical and sensitive, data-at-rest encryption keys locally and remotely. vESKM centralizes cryptographic processing, security policies and key management in a FIPS 140-2 Level 1 complaint platform.
Show more
For more price
view details
UTIMACO’s virtual Enterprise Secure Key Manager (vESKM) is the most interoperable and integrated Key Manager in the market. It provides a pre-configured and hardened security virtual appliance that provides a unified service for creating, protecting, and delivering cryptographic keys to data encryption devices and applications across the distributed enterprise IT infrastructure. Through that it enables you to protect and ensure continuous access to business critical and sensitive, data-at-rest encryption keys locally and remotely. vESKM centralizes cryptographic processing, security policies and key management in a FIPS 140-2 Level 1 complaint platform.
For more price
view details
Utimaco Virtual Enterprise Secure Key Manager
- Description
- Pricing
- Support
- Customer Case
Highlights
- ESKM supports the Key Management Interoperability Protocol (KMIP), which is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server.
- Full key control and data sovereignty: Cryptographic keys remain under your control in a secure, FIPS validated environment
- Meets highest security requirements: Designed for NIST SP 800-131A and FIPS 140-2 Levels 1, Level 2, and Level 3, meets enhanced compliance requirements such as PCI DSS, HIPAA, and GDPR
- High availability and capacity: Capacity to manage millions of keys, thousands of clients, and thousands of hardware or virtual appliances
- Integrated, flexible, and easy to use: Comprehensive monitoring, recovery, scheduled backups, and log rotations, restore functionality, Simplified RESTful API interface for key CRUD (Create, Read, Update, Delete) operations and crypto functions
Parameters
Version
V1.0
Category
Security
Operating System
Linux
Release Date
Dec 13, 2023
Delivery Period
30 days
Detail
Pricing
SW-vESKM-V1
- SW-vESKM-V1
- LIC-ESKM-CAL-KMIP
- LIC-ESKM-CAL-SERVER
- LIC-ESKM-CAL-KMSNS
Support
User Guide
ESKM_User_Guide
Download
ESKM_Deployment_Guide
Download
ESKM_RESTful_API_Reference
Download
UTIMACO OceanStor Dorado 2000, 3000, 5000, and 6000 6.1
Download
ESKM_Release_Notes
Download
Support Range
https://utimaco.com/service/support/support-hsms-atalla-and-eskm
Time: 5 x 8 hours (CET)
Services: Product and Service Support
Hotline: +49 241 1696 155
Email Address: support-atalla@utimaco.com
End User License Agreement
Ordering this application means that you agree to the terms and conditions listed in the End User License Agreement (EULA).
Customer Case
A German Financial Service using Utimaco ESKM for disk encryption of HUAWEI OceanStor
Most financial instituations have to meet FIPS 140-2 requirements in managing encryption keys: Utimaco ESKM has passed FIPS certification and provides key storage and management capabilities. ESKM can be connected to storage systems to provide interfaces and functions required by the KMIP protocol. The HUAWEI OceonStor storage systems can invoke these interfaces to create, update, destroy, and query keys required by the disk encryption service.
Benefit:
* Enables Banking- and Financial customers meeting country- and industry specific compliance regulations (NIST, FIPS 140-2, Bafin,..)
* Automization of key management operations (TCO)
* Enhanced Data Security in protection root keys optional in certified Hardware Security Modules
Region:
EMEA, APAC and AMERICA
Benefit:
* Enables Banking- and Financial customers meeting country- and industry specific compliance regulations (NIST, FIPS 140-2, Bafin,..)
* Automization of key management operations (TCO)
* Enhanced Data Security in protection root keys optional in certified Hardware Security Modules
Region:
EMEA, APAC and AMERICA