KeySecure key management platform

SafeNet KeySecure is the industry’s leading centralized key management platform, and is available as a hardware appliance or hardened virtual security appliance. By utilizing SafeNet KeySecure, organizations benefit from its flexible options for secure and centralized key management – deployed in physical, virtualized infrastructure, and public cloud environments. 

Only Gemalto can deliver key management appliances across FIPS-validated hardware or a virtual appliance with a hardware root of trust using SafeNet Network Hardware Security Modules or Amazon CloudHSM service. 

 keysecure with crypto pack use case diagram

SafeNet KeySecure use cases for centralized key management cover Gemalto encryption products and third-party solutions for backup media and storage, virtual workload and application encryption.

Backup Media: SafeNet KeySecure supports industry leading tape libraries, scalable backup and cloud archive solutions.

Storage: SafeNet KeySecure supports leading storage platforms and cloud storage services like AWS, Dropbox, Google and Nutanix.

Data Encryption Solutions: SafeNet KeySecure provides encryption solutions for data in various formats – structured (such as databases) and unstructured (file level encryption, big data) – ensuring appropriate access to users requiring the information and IT teams providing infrastructure support.

Applications: SafeNet KeySecure supports applications level encryption via SafeNet ProtectApp solution and integrations from cloud application partners.

 

Hardware Specifications

 

Feature

 

k460

 

k450

 

k250

 
Height 1.7 in 1.7 in 1.7 in
Width

17.1 in without

rack mounting brackets 18.9

in with brackets

17.1 in without

rack mounting brackets,18.9 in with brackets

17.1 in without

rack mounting brackets,18.9 in  with brackets

Depth 27.4 in – includes handles and locking bezel 27.4 in – includes handles and locking bezel 10.6 in
Weight 42.5 lbs 42.5 lbs 11.0 lbs
Processor Intel Xeon E5-2420 1.9 GHz, 15M cache Intel Xeon E5-2420 1.9 GHz, 15M cache Intel Atom D525
Serial Port

Standard RS232 male DB9, pin out

Standard RS232 male DB9, pin out

Standard RS232 male DB9, pin out

Network Interfaces (Back Panel)

2 x 10/100/1000

Mbps

Ethernet ports

2 x 10/100/1000

Mbps

Ethernet ports

2 x 10/100/1000

Mbps

Ethernet ports

PED Port (Back Panel)

The PED port is used to connect the PIN entry device (PED) to the KeySecure.

N/A N/A
Hard Drive

Two (2) x 500 GB

7.2K

RPM SATA  2.5”

Two (2) x 500 GB

7.2K

RPM SATA 2.5”

One (1) x 1 TB

7.2K

RPM SATA 3.5"

Power Supply (Back Panel)

Two (2) x 350 2W

Redundant

Two (2) x 350 2W

Redundant

60W
USB Ports 3 3 2
Input Power Ranger

100-240 VAC

(4.8 A - 2.4 A)

100-240 VAC

(4.8 A - 2.4 A)

100-240 VAC

(0.69 A - 0.29 A)

Operating Ambient Temperature

50 to 95 °F /

10 to 35 °C

0 to 40 °F /

32 to 104 °C

4 to 167 °F /

-20 to 75 °C

 

Supported Technologies (All Models):

 
API Support KMIP 1.1, PKCS #11, JCE, MS-CAPI, ICAPI, and.NET
Network Management

SNMP v1, v2c, and v3 SNMP (v1, v2, and v3), NTP,

URL health check, signed secure logs & syslog, automatic log rotation,

secured encryption and integrity checked backups and upgrades,

extensive statistics

Authentication LDAP and Active Directory
Management Interfaces

SafeNet KeySecure Management Console:

Graphical user interface (GUI)

available via web browser that is capable of high-grade 128-bit encryption.

JavaScript must be enabled to access all functionality available

through the management console.

Command Line Interface (CLI): Command line interface (CLI)

available over SSH or directly through the serial console port

Auditing and Logging

Cryptographically signed tracking of granular events.

Configurable audit trail with local and remote (syslog) logging.

Supported Algorithms SafeNet KeySecure supports the following public algorithms:
  • AES
  • ARIA
  • DES
  • DESede
  • HMAC-SHA1
  • HMAC-SHA256
  • HMAC-SHA384
  • HMAC-SHA512
  • RC4
  • RSA
  • SEED
 
Operating System Highly customized, hardened OS

 

Model Comparison:

 

Feature

 

k460

 

k450

 

k250

 
Max keys 1,000,000 1,000,000 25,000
Max concurrent clients 1,000 1,000 100
Redundant hot-swap HDs & Power Yes Yes No
FIPS Certification L3 (includes Luna HSM K6 PCI Card) L1 (includes SSCL library) L1 (includes SSCL library)
HSM Management* Yes Yes Yes
SafeNet Crypto Pack** Optional Optional Optional
SafeNet ProtectV Integration Yes Yes Yes
SafeNet ProtectApp Integration Yes Yes Yes
SafeNet ProtectFile Integration Yes Yes Yes
       
SafeNet Third-Party Integration Support
Partner Integration Support
(requires ProtectApp)

*KeySecure will integrate with both Luna SA and Amazon CloudHSM

**Remote encryption within KeySecure 8.0 appliance using the connectors (ProtectApp,

ProtectDB and Tokenization) requires the purchase of Crypto Pack.

Local encryption and ProtectFile do NOT require Crypto Pack feature activation

 

KeySecure Cloud Key Management
    • Heterogeneous Key Management: Manages keys for a variety of encryption products including databases, file servers, tokenization and applications through Crypto Pack and self-encrypting drives, tape archives, Storage Area Networks, virtual workloads, and a growing list of vendors supporting the OASIS Key Management Interoperability Protocol (KMIP) standard.

 

    • Multiple Key Types: Centrally manages symmetric, asymmetric, secret data, and X.509 certificates along with their associated polices.

 

    • Full Lifecycle Key Support and Automated Operations: Simplifies the management of encryption keys across the entire lifecycle including secure key generation, storage and backup, key distribution and key deactivation and deletion.  KeySecure makes automated, policy driven operations easy for tasks such as key expiry and key rotation.

 

    • Centralized Administration of Granular Access, Authorization Controls and Separation of Duties: Management console unifies key management operations across multiple encryption deployments and products while ensuring administrators are restricted roles defined for their scope of responsibilities. 

 

    • High-Availability and Intelligent Key Sharing: Deploys in flexible high-availability configurations within an operations center and across geographically dispersed centers or service provider environments using an active-active mode of clustering.

 

    • Auditing and Logging:  Centralized management includes detailed logging and audit tracking of all key state changes, administrator access and policy changes. Audit trails are securely stored and signed for non-repudiation and can be consumed by leading 3rd party SIEM tools.

 

    • Next-Generation Solution for NetApp Storage:  The official upgrade for existing NetApp DataFort Encryption Appliance and NetApp Storage Encryption deployed with the NetApp Lifetime Key Manager.

 

    • Format Preserving Encryption (FPE): Securely encrypts structured data such as credit cards or social security numbers.

 

  • Infield Software Updates: Ensures easy installation of new features, core software updates and security patches. Additionally you can run older appliances in cluster with new appliances.

There are no reviews for this product.
Write a review
BadExcellent
Verification code *
Facebook comment

Keyword Search

Newsletter signup

Subscribe to our mailing list
* indicates required
By subscribing you accept our
 
 
 

This Site

Webstore menu