Virtual KeySecure: A Virtual Security Appliance for Encryption Keys

NEW! The new k170v and k470v models provide additional hosting options, and can run as a native virtual machine on VMware, AWS, Microsoft Azure, Oracle VM Virtual Box, OpenStack, Microsoft Hyper-V and Google with more public/private clouds coming soon.

Thales delivers encryption for application, database, file, and workload data in a single high-availability solution. Thales Virtual KeySecure’s proven cryptographic performance means critical encryption tasks can be offloaded to a dedicated encryption appliance, ensuring data protection efforts do not impede critical IT operations. 

Additionally, Thales Virtual KeySecure ensures that organizations maintain ownership of their encryption keys at all times by hardening the appliance OS and encrypting the entire virtual appliance.

Download the product brief

 

Thales Virtual KeySecure - Key Management Use Cases

Thales Virtual KeySecure provides application data protection and centralized key management for Gemalto and third-party encryption products across stored and archived data, virtual workloads, and applications.

• Virtual Workloads: ThalesVirtual KeySecure centrally manages keys for complete encryption of virtual instances deployed on AWS Marketplace and VMware when deployed with ThalesProtectV solution.
• Backup Media: Thales Virtual KeySecure supports industry leading tape libraries, scalable backup, and cloud archive solutions.
• Storage: Thales Virtual KeySecure supports leading storage platforms and cloud storage services like AWS, DropBox and Google.
• Applications: Thales Virtual KeySecure supports applications level encryption via Thales ProtectApp solution and integrations from cloud application partners.

See our growing catalog of interoperability partners.

 

Request a Quote

Thales Virtual KeySecure Specifications

Jump to:

• k170v Specifications
• k470v Specifications
• k150v Specifications
• k450v Specifications
• Third Party Integrations
• Supported Technologies

 

Thales Virtual KeySecure k170v:

Feature

Details

Max keys

25,000

Max concurrent clients

100

Hardware Security Module (HSM) Integration*

Yes

Supports Thales Data Protection Portfolio**

ThalesProtectApp, Thales ProtectFile, Thales ProtectDB, Thales Tokenization and Thales ProtectV, Thales High Speed Encryptors, Thales SureDrop

 

 

Thales Virtual KeySecure k470v:

Feature

Details

Max keys

1,000,000

Max concurrent clients

1000 clients per cluster and 7000 connections+

Hardware Security Module (HSM) Integration*

Yes

Supports Thales Data Protection Portfolio**

Thales ProtectApp, Thales ProtectFile, Thales ProtectDB, Thales Tokenization and Thales ProtectV, Thales High Speed Encryptors, Thales SureDrop

+Based on physical/virtual default system environments. Based on an average client test, performance will vary depending on use case and configuration.

Thales Virtual KeySecure k150v:

Feature

Details

Max keys

25,000

Max concurrent clients

100

Hardware Security Module (HSM) Integration*

Yes

Supports Thales Data Protection Portfolio**

Thales ProtectApp, Thales ProtectFile, Thales ProtectDB, Thales Tokenization and Thales ProtectV, Thales High Speed Encryptors, Thales SureDrop

 

 

Thales Virtual KeySecure k450v:

Feature

Details

Max keys

1,000,000

Max concurrent clients

1,000

Hardware Security Module (HSM) Integration*

Yes

Supports Thales Data Protection Portfolio**

Thales ProtectApp, Thales ProtectFile, Thales ProtectDB, Thales Tokenization and Thales ProtectV, Thales High Speed Encryptors, Thales SureDrop

 

 

Third-Party Integrations:

Feature

Details

Thales Third-Party Integration Support

See our growing catalog of interoperability partners 

*Thales Virtual KeySecure integrates with hardware security modules (HSMs): Cloud-based, such as Amazon Web Services CloudHSM, Thales Data Protection on Demand (HSM on Demand Services), or Thales Luna HSM, a hardware appliance option that is deployed on-premises in a range of models and configurations.
****ThalesVirtual KeySecure k150v and k450v appliances using Thales ProtectApp, Thales ProtectDB, and Thales Tokenization, require the purchase of Thales Crytpo Pack. Thales ProtectV and Thales ProtectFile do not require Thales Crypto Pack feature activation. The k170v and k470v using any of the Thales Data Protection portfolio do not require the purchase of Thales Crypto Pack.

 

 

Supported Technologies

Feature

Details

API Support (k150v, k450v)

KMIP 1.1, JCE, MS-CAPI, ICAPI, .NET and PKCS #11

API Support (k170v, k470v)

KMIP 1.1, JCE, MS-CAPI, ICAPI, .NET and PKCS #11

Network Management (k150v, k450v)

NTP, URL health check, signed secure logs & syslog, automatic log rotation, secured encryption and integrity checked backups and upgrades, extensive statistics

Network Management (k170v, k470v)

Secure audit logs, Secured and integrity checked backups, In place upgrades

Authentication

LDAP and Active Directory

Management Interfaces

Thales KeySecure Management Console: Graphical user interface (GUI) available via web browser that is capable of symmetric/asymmetric key , certificate , appliance, and user management.

Command Line Interface (CLI): Command line interface (CLI) available over SSH or directly through the serial console port

Auditing and Logging

Cryptographically signed tracking of granular events. Configurable audit trail with local and remote (syslog) logging.

Supported Algorithms

Thales Virtual KeySecure k150v and k450v models support the following public algorithms:

• AES
• ARIA
• DES
• DESede
• HMAC-SHA1
• HMAC-SHA256
• HMAC-SHA384
• HMAC-SHA512
• RC4
• RSA
• SEED

Thales Virtual KeySecure k170v and k470 models support the following public algorithms:

• AES
• TDES
• RSA
• HMAC-SHA1
• HMAC-SHA256
• HMAC-SHA384
• HMAC-SHA512

Operating System

KeySecure is an encrypted application that is self-contained (including all operating system level libraries/modules). All encryption keys and managed objects (certificates, secrets, etc.) are stored in an encrypted vault within the appliance, providing customers with a reinforced, secure way to access and centralize key management in the enterprise. 

 

 

Request a Quote

Highlighted Key Management Features:

• The k150v and k450v models can be rented from a service such as AWS marketplace, or hosted on a virtual machine such as VMware.


• The new generation Thales Virtual KeySecure k170v and k470 models provide users with additional hosting options, and can run as a native virtual machine on VMware, AWS, Microsoft Azure, Oracle VM Virtual Box, OpenStack and Google with more public/private clouds coming soon.
• Thales Virtual KeySecure supports master key storage as a root of trust in hardware security modules (HSMs): Cloud-based, such as Amazon Web Services CloudHSM, Thales Data Protection on Demand (HSM on Demand Services), or Thales Luna HSM, a hardware appliance option that is deployed on-premises in a range of models and configurations.


• Subscription-based offerings are better suited for operating expenditure (op-ex) models, versus capital expenditure models (standard hardware purchases) that require upfront payment.


• Flexible deployment options can easily scale to provide key management at remote facilities or in cloud infrastructures.


• Compatibility with the OASIS Key Management Interoperability Protocol (KMIP) standard provides support for a large and growing list of encryption products.


• Key security policies can be consolidated across multiple, disparate encryption systems, protecting current investments.


• Centralized, efficient auditing of key management offers simplified compliance for cloud environments and decreases the amount of time spent on compliance mandates.


• Thales Virtual KeySecure’s hardened virtual appliance mitigates security risks typically associated with software-based implementations.


• Bring Your Own License (BYOL) for AWS Market place enables the purchase of Connector licenses direct from Thales (available for the k150v model).

 

Request a Quote