Next Generation Enterprise Key Management
Centralize and simplify data security policies and key management anywhere
CipherTrust Manager offers the industry-leading enterprise key management solution, enabling organizations to centrally manage encryption keys, provide granular access control and configure security policies. CipherTrust Manager is the central management point for the CipherTrust Data Security Platform. It manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting, and offers a developer-friendly REST API.
CipherTrust Manager is available as both virtual and physical appliances that integrate with FIPS 140-2 compliant Thales Luna or third-party Hardware Security Modules (HSMs) for securely storing keys with the highest root of trust. These appliances can be deployed on-premises in physical or virtualized infrastructures and in public cloud environments to efficiently address compliance requirements, regulatory mandates and industry best practices for data security. With a unified management console, it makes it easy to set policies, discover and classify data, and protect sensitive data wherever it resides using the CipherTrust Data Security Platform products.
Cost Savings and Business Benefits
Enabled by the CipherTrust Data Security Platform
CipherTrust Manager provides a unified management console that enables you to discover and classify sensitive data, and protect data using an integrated set of Thales Data Protection connectors across on-premises data stores and multi-cloud deployments. It offers advanced self-service licensing, multi-tenancy support, secrets management and developer-friendly REST APIs.
It offers users additional hosting options, and can run as a native virtual machine on AWS, Microsoft Azure, Google Cloud, VMware, Microsoft Hyper-V, and more. Additionally, native support of CipherTrust Cloud Key Manager on CipherTrust Manager streamlines key management across multiple cloud infrastructures and SaaS applications.
It is available in both virtual and physical form factors and integrates with FIPS 140-2 compliant Thales Luna and third-party HSMs for securely storing keys with the highest root of trust. Flexible deployment options can easily scale to provide key management at remote facilities or in cloud infrastructures.
Simplifies management of encryption keys across their entire lifecycle, including secure key generation, backup/restore, clustering, deactivation and deletion. It unifies key management operations with role-based access control using existing Active Directory and LDAP credentials, and provides full audit log review.
Provides a single pane of glass for the CipherTrust Data Security Platform products that enable organizations to discover, classify, and encrypt or tokenize data to reduce business risk and satisfy compliance regulations. It streamlines provisioning of connector licenses through new self-service licensing for better visibility and control of licenses.
Offers new REST interfaces in addition to KMIP and NAE-XML APIs, for developers to simplify deployment of applications integrated with key management capabilities and automate testing and development of administrative operations.
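
| Features | k170v (Virtual Appliance) | k470v (Virtual Appliance) | k470 (Physical Appliance) | k570 (Physical Appliance) |
|---|---|---|---|---|
| Administrative Interfaces | Management Console, REST API, kscfg (system configuration), ksctl (Command Line Interface) | Management Console, REST API, kscfg (system configuration), ksctl (Command Line Interface) | Management Console, REST API, kscfg (system configuration), ksctl (Command Line Interface) | Management Console, REST API, kscfg (system configuration), ksctl (Command Line Interface) |
| Network Management | SNMP v1, v2c, v3, NTP, Syslog-TCP | SNMP v1, v2c, v3, NTP, Syslog-TCP | SNMP v1, v2c, v3, NTP, Syslog-TCP | SNMP v1, v2c, v3, NTP, Syslog-TCP |
| API Support | REST, NAE-XML, KMIP, PKCS#11, JCE, .NET, MCCAPI, MS CNG | REST, NAE-XML, KMIP, PKCS#11, JCE, .NET, MCCAPI, MS CNG | REST, NAE-XML, KMIP, PKCS#11, JCE, .NET, MCCAPI, MS CNG | REST, NAE-XML, KMIP, PKCS#11, JCE, .NET, MCCAPI, MS CNG |
| Secure Authentication | Local User, AD, LDAPS, Certificate based authentication, Supports Open ID Connect (OIDC) | Local User, AD, LDAPS, Certificate based authentication, Supports Open ID Connect (OIDC) | Local User, AD, LDAPS, Certificate based authentication, Supports Open ID Connect (OIDC) | Local User, AD, LDAPS, Certificate based authentication, Supports Open ID Connect (OIDC) |
| System Formats | RFC-5424, CEF, LEEF | RFC-5424, CEF, LEEF | RFC-5424, CEF, LEEF | RFC-5424, CEF, LEEF |
| Supported HSMs for Root of Trust | Luna Network HSM, Luna T-Series Network HSM, Luna Cloud HSM, AWS Cloud HSM, Azure Dedicated HSM, IBM Cloud HSM, IBM Cloud Hyper Protect Crypto Services Cloud HSM | Luna Network HSM, Luna T-Series Network HSM, Luna Cloud HSM, AWS Cloud HSM, Azure Dedicated HSM, IBM Cloud HSM, IBM Cloud Hyper Protect Crypto Services Cloud HSM | Luna Network HSM, Luna T-Series Network HSM, Luna Cloud HSM, AWS Cloud HSM, Azure Dedicated HSM, IBM Cloud HSM, IBM Cloud Hyper Protect Crypto Services Cloud HSM | N/A (has built in HSM) |
| Automated Deployment Support | Yes (via Cloud-Init) | Yes (via Cloud-Init) | No | Yes (via Secure Transport Mode) |
| Maximum Number of Keys | Tested up to 1M Keys (more possible with appropriately sized virtual environments) | Tested up to 1M Keys (more possible with appropriately sized virtual environments) | 1 Million Keys | 1 Million Keys |
| Maximum Domains (multi-tenancy) | 100 | 1000 | 1000 | 1000 |
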

| Physical Appliances | k470 | k570 |
|---|---|---|
| Dimensions | 19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm) | 19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm) |
| Hard Drive | 1x 2TB SATA SE (Spinning Disk) | 1x 2TB SATA SE (Spinning Disk) |
| CPU | Xeon E3-1275v6 Processor | Xeon E3-1275v6 Processor |
| RAM | 16GB | 16GB |
| NIC Support | 4x1GB or 2x10Gb/2x1Gb (NIC Bonding capable) | 4x1GB or 2x10Gb/2x1Gb (NIC Bonding capable) |
| Rack Mount | Standard 1U rack mountable; sliding rails can be optionally purchased | Standard 1U rack mountable; sliding rails can be optionally purchased |
| Reliability | Dual hot swappable power supplies | Dual hot swappable power supplies |
| Safety and Compliance | CSA C-US, FCC, CE, VCCI, C-TICK, KC Mark, BIS | CSA C-US, FCC, CE, VCCI, C-TICK, KC Mark, BIS |
| Mean Time Between Failure | 165,279 hours | 153,583 hours |
| FIPS Support | Integrates with an external FIPS Certified Physical or Cloud HSM as Secure Root of Trust | Embedded PCI-HSM FIPS 140-2 Level 3 certified – password and multi-factor (PED) (Certificate #3205) |


| Virtual Appliances | k170v | k470v |
|---|---|---|
| System Requirements | | |
| Clouds/Hypervisors Supported | | |
