CipherTrust Manager

Next Generation Enterprise Key Management

Centralize and simplify data security policies and key management anywhere

CipherTrust Manager offers the industry-leading enterprise key management solution, enabling organizations to centrally manage encryption keys, provide granular access control and configure security policies. CipherTrust Manager is the central management point for the CipherTrust Data Security Platform. It manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting, and offers a developer-friendly REST API.

CipherTrust Manager is available in both virtual and physical appliances that integrate with FIPS 140-2 compliant Thales Luna or third-party Hardware Security Modules (HSMs) for securely storing keys with the highest root of trust. These appliances can be deployed on-premises in physical or virtualized infrastructures and in public cloud environments to efficiently address compliance requirements, regulatory mandates and industry best practices for data security. Its unified management console makes it easy to set policies, discover and classify data, and protect sensitive data wherever it resides using the CipherTrust Data Security Platform products.

Simplified Management

CipherTrust Manager provides a unified management console that enables you to discover and classify sensitive data, and protect data using an integrated set of Thales Data Protection connectors across on-premises data stores and multi-cloud deployments. It offers advanced self-service licensing, multi-tenancy support, secrets management and developer-friendly REST APIs.

Cloud Friendly Deployment

It offers users additional hosting options, and can run as a native virtual machine on AWS, Microsoft Azure, Google Cloud, VMware, Microsoft Hyper-V, and more. Additionally, native support of CipherTrust Cloud Key Manager on CipherTrust Manager streamlines key management across multiple cloud infrastructures and SaaS applications.

Flexible Form Factors

It is available in both virtual and physical form factors and integrates with FIPS 140-2 compliant Thales Luna and third-party HSMs for securely storing keys with the highest root of trust. Flexible deployment options can easily scale to provide key management at remote facilities or in cloud infrastructures.

Centralized Key Lifecycle Management

Simplifies management of encryption keys across their entire lifecycle, including secure key generation, backup/restore, clustering, deactivation and deletion. It unifies key management operations with role-based access control using existing Active Directory and LDAP credentials, and provides full audit log review.

Unified Management Console

Provides a single pane of glass for the CipherTrust Data Security Platform products that enable organizations to discover, classify, and encrypt or tokenize data to reduce business risk and satisfy compliance regulations. It streamlines provisioning of connector licenses through new self-service licensing for better visibility and control of licenses.

Developer Friendly REST APIs

Offers new REST interfaces in addition to KMIP and NAE-XML APIs, for developers to simplify deployment of applications integrated with key management capabilities and automate testing and development of administrative operations.

CipherTrust Manager Features

Models: k170v and k470v are Virtual Appliances; k470 and k570 are Physical Appliances.

Features common to all four models:

| Feature | Value |
|---|---|
| Administrative Interfaces | Management Console, REST API, kscfg (system configuration), ksctl (Command Line Interface) |
| Network Management | SNMP v1, v2c, v3, NTP, Syslog-TCP |
| API Support | REST, NAE-XML, KMIP, PKCS#11, JCE, .NET, MCCAPI, MS CNG |
| Secure Authentication | Local User, AD, LDAPS, Certificate based authentication, Supports Open ID Connect (OIDC) |
| System Formats | RFC-5424, CEF, LEEF |

Features by model:

| Feature | k170v (virtual) | k470v (virtual) | k470 (physical) | k570 (physical) |
|---|---|---|---|---|
| Supported HSMs for Root of Trust | Luna Network HSM, Luna T-Series Network HSM, Luna Cloud HSM, AWS Cloud HSM, Azure Dedicated HSM, IBM Cloud HSM, IBM Cloud Hyper Protect Crypto Services Cloud HSM | Luna Network HSM, Luna T-Series Network HSM, Luna Cloud HSM, AWS Cloud HSM, Azure Dedicated HSM, IBM Cloud HSM, IBM Cloud Hyper Protect Crypto Services Cloud HSM | Luna Network HSM, Luna T-Series Network HSM, Luna Cloud HSM, AWS Cloud HSM, Azure Dedicated HSM, IBM Cloud HSM, IBM Cloud Hyper Protect Crypto Services Cloud HSM | N/A (has built in HSM) |
| Automated Deployment Support | Yes (via Cloud-Init) | Yes (via Cloud-Init) | No | Yes (via Secure Transport Mode) |
| Maximum Number of Keys | Tested up to 1M Keys (more possible with appropriately sized virtual environments) | Tested up to 1M Keys (more possible with appropriately sized virtual environments) | 1 Million Keys | 1 Million Keys |
| Maximum Domains (multi-tenancy) | 100 | 1000 | 1000 | 1000 |

Appliance Specifications

Physical Appliances

Specifications common to k470 and k570:

| Specification | Value |
|---|---|
| Dimensions | 19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm) |
| Hard Drive | 1x 2TB SATA SE (Spinning Disk) |
| CPU | Xeon E3-1275v6 Processor |
| RAM | 16GB |
| NIC Support | 4x1GB or 2x10Gb/2x1Gb (NIC Bonding capable) |
| Rack Mount | Standard 1U rack mountable; sliding rails can be optionally purchased |
| Reliability | Dual hot swappable power supplies |
| Safety and Compliance | CSA C-US, FCC, CE, VCCI, C-TICK, KC Mark, BIS |

Specifications by model:

| Specification | k470 | k570 |
|---|---|---|
| Mean Time Between Failure | 165,279 hours | 153,583 hours |
| FIPS Support | Integrates with an external FIPS Certified Physical or Cloud HSM as Secure Root of Trust | Embedded PCI-HSM FIPS 140-2 Level 3 certified – password and multi-factor (PED) (Certificate #3205) |

Virtual Appliances

System Requirements

| Requirement | k170v | k470v |
|---|---|---|
| RAM (GB) | 16 | 16 or more |
| Hard Disk (GB) | 100 | 200 or more |
| NICs | 1 or more | 2 or more |
| CPUs | up to 4 CPU max | 5 or more |

Clouds/Hypervisors Supported

  • Public Clouds: AWS Cloud, Microsoft Azure, Google Cloud Enterprise (GCE), Oracle Cloud Infrastructure (OCI), Alibaba Cloud
  • Private Clouds/Hypervisors: VMware vSphere (6.5, 6.7 and 7.0), Microsoft Hyper-V, Nutanix AHV, OpenStack (QCOW2)

* AWS GovCloud, Azure Government Cloud also supported

Related Resources

CipherTrust Manager - Product Brief

CipherTrust Manager enables organizations to centrally manage encryption keys for Thales CipherTrust Data Security Platform and third party products. It simplifies key lifecycle management tasks, including secure key generation, backup/restore, clustering, deactivation, and...

Top 10 reasons for Migrating to CipherTrust Manager - Data Sheet

Learn about the major reasons for current KeySecure customers to migrate to the new CipherTrust™ Manager appliance now. Customers who have relied on the KeySecure platform over many years can now take advantage of the advanced capabilities in this next generation key...

Enterprise Key Management Solutions - Solution Brief

Discover how organizations can centrally manage keys for third-party devices including Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.

Thales Key Management - Simplify data security by centrally managing keys and policies across the enterprise - White Paper

Key Management – Simplify Data Security - White Paper

Today, every IT organization is striving to protect valuable digital assets of any enterprise from accidental exposure or intentional misuse by cyber criminals. Many organizations have deployed a variety of point encryption solutions as a primary method of protecting sensitive...

Thales CipherTrust Data Discovery and Classification - Product Brief

Review the capabilities of data discovery and classification of sensitive data, which is integrated with the CipherTrust Manager management console.

CipherTrust Cloud Key Manager - Product Brief

Many infrastructure-, platform-, and software-as-a-service providers offer data-at-rest encryption capabilities with encryption keys managed by the service provider. Meanwhile, many industry or internal data protection mandates, as well as industry best practices as defined by...

Enterprise Key Management (EKM) Systems - Solution Brief

CipherTrust EKM for Storage Infrastructure - Solution Brief

Thales offers CipherTrust Manager as the central enterprise key management solution for an expansive ecosystem of storage and archive infrastructure partners, as described in this Solution Brief