VMware software powers the world's complex digital infrastructure. The company's compute, cloud, mobility, networking and security offerings provide a dynamic and efficient digital foundation to over 500,000 customers globally, aided by an ecosystem of 75,000 partners. Headquartered in Palo Alto, California, this year VMware celebrates twenty years of breakthrough innovation benefiting business and society.
VMware vSphere®, is an industry-leading virtualization platform that empowers users to scale-up and scale-out applications with confidence. vSphere helps you get the best performance, availability, and efficiency from your infrastructure and applications. It’s the ideal foundation for any cloud environment.
VMware vSphere VM Encryption is a feature introduced in vSphere 6.5 to enable the encryption of virtual machines. VM Encryption protects virtual machine files, virtual disk files, and core dump files by encrypting the input/output from the virtual machine before it gets stored in disk. The solution leverages the Key Management Interoperability Protocol (KMIP) for encryption key management and key vaulting.
vSphere enables a flexible key management root of trust to match the customer risk profile – from a software virtual appliance to a FIPS 140-2 Level 3 physical protected boundary. vSphere can be used with the CipherTrust Manager from Thales to provide the full range of protection for key management and role separation. The combined solution delivers non-disruptive encryption, ensuring the security of VMs, the applications they run, and the sensitive data they process. The combination provides a cost-effective and comprehensive solution that meets the most stringent security requirements. Leveraging hardware-based data encryption ensures no adverse impact to system performance.
TPM is a hardware level crytpo processor to secure the generation of cryptographic keys. For virtualized server environments, this functionality is provided in software via a virtual TPM (vTPM). VMware’s vSphere 6.7 adds support for TPM 2.0 hardware devices for ESXi hosts and also introduces virtual TPM (vTPM) 2.0 for Virtual Machines, ensuring integrity for both the hypervisor and the guest operating system (OS). VMware and the vSphere architecture provide this capability utilizing the following components:
NIST Special Publication 800-57 Part 2 Revision 1 recommends
Moderate and High impact levels require a cryptographic
module validated at FIPS 140 Level 3 or higher. Specifying
Utilizing a FIPS 140 Level 1 cryptographic module could
adversely affect the organization’s ability to continue to engage
in mission-critical processing and communications partnerships.
FIPS requirement impact level of customer data (levels 1-3) and
are deployed with high availability to support mission resiliency.
Thales TCT’s Enterprise Key Manager is a VMware-certified
KMS that protect vTMPs’ cryptographic keys in an external
hardware appliance. Thales TCT’s Enterprise Key Manager The
Data Security Platform also supports an embedded hardware
root of trust utilizing a FIPS 140-2 Level 3 Luna for Government
hardware security module. Developed for U.S. Government use,
it is manufactured, sold, and supported in the U.S. exclusively by
Read our DoD STIG Compliance Virtualization-Based Security - External Key Management Solution Brief for more information.
VMware vSAN, is an industry-leading flash-optimized secure storage platform that helps customers evolve to hyper-converged infrastructure (HCI). By pooling together server-attached storage, it provides a highly resilient and encrypted shared datastore suitable for any virtualized workload, including business-critical applications. vSAN lowers IT costs and provides an agile solution ready for future hardware, hybrid cloud offerings, and next-generation applications.
Delivering the industry’s first native HCI encryption solution, vSAN can leverage the CipherTrust Manager from Thales to provide the full range of protection for key management and role separation. The combined solution delivers non-disruptive encryption to ensure the security of data at rest in storage clusters. The combination provides a cost-effective and comprehensive solution that meets the most stringent security requirements. The use of software-based data encryption provides the flexibility to be deployed with any supported storage device and a wide range of servers.
The use of VMware vSAN with CipherTrust Manager enables a flexible key management root of trust to match the customer risk profile – from the virtualized infrastructure to a FIPS 140-2 Level 3 physical protected boundary.
KeySecure for Government integrates with vSphere in support of VM Encryption, vSAN Encryption and the use of Virtual TPMs . As a VMware-certified Key Management Server, KeySecure for Government provides validated and hardened protection of the Key Encryption Keys used by vSphere.
SafeNet AT/Thales TCT is a VMware Standard Technology Alliance Partner.
KeySecure for Government Free Trial
Download a free trial of KeySecure G350v with a complementary 60 day evaluation license for your VMware Infrastructure.Request Download
Back to Partner List