Skip Navigation

VMware

About VMware  

VMware software powers the world's complex digital infrastructure. The company's compute, cloud, mobility, networking and security offerings provide a dynamic and efficient digital foundation to over 500,000 customers globally, aided by an ecosystem of 75,000 partners. Headquartered in Palo Alto, California, this year VMware celebrates twenty years of breakthrough innovation benefiting business and society.

  • VMware vSphere and CipherTrust Manager

    VMware vSphere®, is an industry-leading virtualization platform that empowers users to scale-up and scale-out applications  with confidence. vSphere helps you get the best performance, availability, and efficiency from your infrastructure and applications. It’s the ideal foundation for any cloud environment. 


    VMware vSphere VM Encryption is a feature introduced in vSphere 6.5 to enable the encryption of virtual machines. VM Encryption protects virtual machine files, virtual disk files, and core dump files by encrypting the input/output from the virtual machine before it gets stored in disk. The solution leverages the Key Management Interoperability Protocol (KMIP) for encryption key management and key vaulting. 


    vSphere enables a flexible key management root of trust to match the customer risk profile – from a software virtual appliance to a FIPS 140-2 Level 3 physical protected boundary. vSphere can  be used with the CipherTrust Manager from Thales to provide the full range of protection for key management and role separation. The combined solution delivers non-disruptive encryption, ensuring the security of VMs, the applications they run, and the sensitive data they process. The combination provides a cost-effective and comprehensive solution that meets the most stringent security requirements. Leveraging hardware-based data encryption ensures no adverse impact to system performance. 

    Download Solution Brief

  • VMware vSphere vTPM and Thales CipherTrust Manager

    TPM is a hardware level crytpo processor to secure the generation of cryptographic keys. For virtualized server environments, this functionality is provided in software via a virtual TPM (vTPM). VMware’s vSphere 6.7 adds support for TPM 2.0 hardware devices for ESXi hosts and also introduces virtual TPM (vTPM) 2.0 for Virtual Machines, ensuring integrity for both the hypervisor and the guest operating system (OS). VMware and the vSphere architecture provide this capability utilizing the following components:

    •  Implementation of Virtual Trusted Platform Modules (vTPMs) in a vSphere environment requires an external Key Management Server (KMS) utilizing KMIP
    • Virtual Trusted Platform Modules (vTPMs) establish trust by enabling “Secure Boot” technology emulating a hardware based TPM
    •  vTPM data is securely stored in the virtual machine .nvram file, encrypted using VM encryption

    NIST Special Publication 800-57 Part 2 Revision 1 recommends 
    Moderate and High impact levels require a cryptographic 
    module validated at FIPS 140 Level 3 or higher. Specifying 
    Utilizing a FIPS 140 Level 1 cryptographic module could 
    adversely affect the organization’s ability to continue to engage 
    in mission-critical processing and communications partnerships. 
    FIPS requirement impact level of customer data (levels 1-3) and 
    are deployed with high availability to support mission resiliency.

    Thales TCT’s Enterprise Key Manager is a VMware-certified 
    KMS that protect vTMPs’ cryptographic keys in an external 
    hardware appliance. Thales TCT’s Enterprise Key Manager The 
    Data Security Platform also supports an embedded hardware 
    root of trust utilizing a FIPS 140-2 Level 3 Luna for Government
    hardware security module. Developed for U.S. Government use, 
    it is manufactured, sold, and supported in the U.S. exclusively by 
    Thales TCT.

    Read our DoD STIG Compliance Virtualization-Based Security - External Key Management Solution Brief for more information.

    Download Now

  • VMware vSAN® and Thales CipherTrust Manager

    VMware vSAN, is an industry-leading flash-optimized secure storage platform that helps customers evolve to hyper-converged infrastructure (HCI). By pooling together server-attached storage, it provides a highly resilient and encrypted shared datastore suitable for any virtualized workload, including business-critical applications. vSAN lowers IT costs and provides an agile solution ready for future hardware, hybrid cloud offerings, and next-generation applications.


    Delivering the industry’s first native HCI encryption solution, vSAN can leverage the CipherTrust Manager from Thales to provide the full range of protection for key management and role separation. The combined solution delivers non-disruptive encryption to ensure the security of data at rest in storage clusters. The combination provides a cost-effective and comprehensive solution that meets the most stringent security requirements. The use of software-based data encryption provides the flexibility to be deployed with any supported storage device and a wide range of servers.


    The use of VMware vSAN with CipherTrust Manager enables a flexible key management root of trust to match the customer risk profile – from the virtualized infrastructure to a FIPS 140-2 Level 3 physical protected boundary.

    Download Solution Brief

  • vSphere and KeySecure for Government

    KeySecure for Government integrates with vSphere  in support of  VM Encryption, vSAN Encryption and the use of Virtual TPMs . As a VMware-certified Key Management Server, KeySecure for Government provides validated and hardened protection of the Key Encryption Keys used by vSphere.

    VMware Marketplace Listings

    Additional Resources

 SafeNet AT/Thales TCT is a VMware Standard Technology Alliance Partner.

 

 

KeySecure for Government Free Trial

Download a free trial of KeySecure G350v with a complementary 60 day evaluation license for your VMware Infrastructure.

Request Download

 Back to Partner List

Have an integration question? 

Contact us to learn more about an integration or to inquire about becoming an integration partner. 

Contact Us
 

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.

Accept