SafeNet KeySecure Appliance Module 4: Lesson 1 SafeNet StorageSecure Storage Security Course
Lesson Objectives • By the end of this lesson, you should be able to: • Describe SafeNet KeySecure appliance components
KeySecure Appliance Major Components • Note: The physical location of some components might be different
KeySecure k460 Logical View (diagram; labels recovered from the slide, grouped by apparent role)
• Clients: KMIP Clients, NAE-XML Clients, PKCS#11 Clients, StorageSecure, Legacy DataFort, Legacy LKM
• Administration: Administration PC, Smart Card and Smart Card Reader, iKey, SSMC, PED (direct connection or RemotePED)
• KeySecure software: KS-KMIP and KS-SSKM (CentOS Xen VMs on the Xen Hypervisor), SSKM on CentOS, BES (OpenKey), NTLS Proxy Service, Luna HSM drivers, TCP socket connections
• Hardware: Luna K6 PCI HSM (FIPS 140-2 Level 3), Dell-based next-generation KeySecure hardware platform
KeySecure Appliance Front View
• Locking Bezel
• Unlock the protective bezel to access the power button.
• Power Button and Power Indicator
• This button powers the appliance up or down. The power-on indicator lights when the system power is on.
• LCD Panel
• Provides hardware information.
• Hard Disks
• The appliance supports two 2.5" SATA hard disks.
KeySecure Appliance Rear View
• DB9 Serial Console Port
• The DB9 port is used for first-time initialization and for console access to the appliance.
• Ethernet Interfaces
• The appliance has two gigabit Ethernet interfaces.
• Power Supplies
• The appliance has two hot-plug, high-efficiency Energy Smart PSUs.
• PED Port
• The PED port connects the PIN entry device (PED) to the KeySecure.
(Rear-panel callouts on the slide: Ethernet Interfaces, Serial Port, HSM PED Port)
KeySecure Appliance Hardware
• Major components
• Uses the SafeNet Luna K6 HSM
• Two disk drives in a RAID 1 (mirror) configuration
• Certification
• KeySecure provides FIPS 140-2 Level 3 key protection through the Luna K6 card.
• FIPS 140-2 Level 2 certification for the KeySecure chassis is planned.
• Field Replaceable Units (FRUs)
• Power supplies and power supply fans
• Hard drives
KeySecure Appliance Software
• KeySecure Database
• The hard disks hold a PostgreSQL database
• For StorageSecure keys: KeySecure backs up Domain Keys (DK) and Cryptainer Keys (CK)
• For StorageSecure configuration
• The database provides built-in data integrity checks
• High Scalability
• Up to 100 SafeNet StorageSecure appliances per KeySecure-SSKM appliance
• Up to 10,000,000 keys per KeySecure-SSKM
• Up to 1,000,000 keys per KeySecure-KMIP
KeySecure Appliance Software – Cont.
• High Availability
• Achieved by linking KeySecure-SSKM appliances together in a KeySharing Group (up to 16 appliances per group).
KeySecure Appliance Communication
• Configuration databases
• Certain SafeNet StorageSecure changes trigger an immediate backup of the StorageSecure configDB to KeySecure-SSKM
• Otherwise, every 120 minutes (configurable), SafeNet StorageSecure backs up its configuration database to the KeySecure appliance if needed
• The KeySecure appliance backs up its own configuration database to peer-linked KeySecure appliances
• Keys
• Every 5 seconds, the KeySecure-SSKM appliance queries linked SafeNet StorageSecure appliances for new keys
• New keys are evaluated and replicated incrementally
• KeySecure-SSKM pulls concurrently from multiple StorageSecure appliances and from peer-linked KeySecure-SSKM appliances
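The following is an added model of the communication behaviour described on this slide; it is illustrative code written for this page, not SafeNet's software. It shows the two mechanisms side by side: the configDB backup that is either timer-driven (120 minutes by default) or triggered immediately by certain changes, and the 5-second key poll in which KeySecure-SSKM pulls concurrently from several sources and replicates only keys it has not seen. The slide does not say how "new" keys are identified on the wire or which configuration changes trigger an immediate backup, so the per-source sequence numbers, the high-water mark, the `IMMEDIATE_BACKUP_CHANGES` set and the sample appliances `sts-a`/`sts-b` are all assumptions made for the illustration.

```python
"""Model of the KeySecure-SSKM backup and pull-replication cycle.

Added illustration for this page, not SafeNet code. Sequence numbers,
high-water marks, the immediate-backup trigger set and the sample
appliance data are assumptions, not behaviour documented on the slide.
"""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

KEY_POLL_SECONDS = 5                 # slide: SSKM polls for new keys every 5 s
CONFIG_BACKUP_SECONDS = 120 * 60     # slide: configDB backup every 120 min (configurable)
# Slide says "certain" changes trigger an immediate backup; it does not list
# them, so this set is a placeholder assumption.
IMMEDIATE_BACKUP_CHANGES = {"cryptainer_created", "domain_key_rotated"}


@dataclass
class KeyRecord:
    seq: int       # assumption: per-source monotonically increasing sequence
    key_id: str
    kind: str      # "DK" (Domain Key) or "CK" (Cryptainer Key)


@dataclass
class StorageSecure:
    name: str
    keys: List[KeyRecord] = field(default_factory=list)

    def keys_after(self, seq: int) -> List[KeyRecord]:
        """Incremental fetch: only records newer than the caller's high-water mark."""
        return [k for k in self.keys if k.seq > seq]


@dataclass
class KeySecureSSKM:
    sources: List[StorageSecure]
    high_water: Dict[str, int] = field(default_factory=dict)
    replicated: Dict[str, KeyRecord] = field(default_factory=dict)

    def _pull_one(self, src: StorageSecure) -> Tuple[str, List[KeyRecord]]:
        return src.name, src.keys_after(self.high_water.get(src.name, 0))

    def poll_cycle(self) -> int:
        """One poll cycle: pull from every source concurrently, then evaluate and
        replicate new keys. Returns the number of keys newly replicated."""
        added = 0
        with ThreadPoolExecutor(max_workers=max(1, len(self.sources))) as pool:
            for name, new_keys in pool.map(self._pull_one, self.sources):
                for rec in new_keys:
                    # Evaluate before replicating: a key_id already held is not stored twice.
                    if rec.key_id not in self.replicated:
                        self.replicated[rec.key_id] = rec
                        added += 1
                    self.high_water[name] = max(self.high_water.get(name, 0), rec.seq)
        return added


def config_backup_due(seconds_since_last: int, change: Optional[str]) -> bool:
    """Backup is due on the timer, or immediately on a triggering change."""
    if change in IMMEDIATE_BACKUP_CHANGES:
        return True
    return seconds_since_last >= CONFIG_BACKUP_SECONDS


def demo() -> Tuple[int, int, int]:
    """Constructed sample: two StorageSecure appliances feeding one SSKM."""
    a = StorageSecure("sts-a", [KeyRecord(1, "dk-a1", "DK"), KeyRecord(2, "ck-a2", "CK")])
    b = StorageSecure("sts-b", [KeyRecord(1, "dk-b1", "DK")])
    ks = KeySecureSSKM([a, b])
    first = ks.poll_cycle()      # all three keys are new
    second = ks.poll_cycle()     # nothing new since the high-water marks
    a.keys.append(KeyRecord(3, "ck-a3", "CK"))
    b.keys.append(KeyRecord(2, "dk-b1", "DK"))   # re-announced key_id is not duplicated
    third = ks.poll_cycle()      # only ck-a3 is replicated
    return first, second, third


if __name__ == "__main__":
    print(demo())
    print(config_backup_due(10, "cryptainer_created"), config_backup_due(10, None))
```

The high-water mark per source is what makes the pull incremental; the `replicated` map keyed by `key_id` is the evaluation step that prevents a re-announced key from being stored twice even when its sequence number is new.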
Migration from Legacy DataFort and LKM appliances to StorageSecure and KeySecure
Migration from DataFort/LKM to StS/KS
• The migration process at a high level:
• Make sure you have access to the DataFort and, if one is in use, to the LKM
• Transfer the keys:
• If a NetApp LKM is used, link the LKM to KeySecure and transfer the keys.
• If no NetApp LKM is used, link the DataFort to KeySecure and transfer the keys.
• Link the KeySecure to StorageSecure and transfer the keys
• Recommendation
• For migration from DataFort/LKM to StorageSecure/KeySecure, contact SafeNet technical support or professional services for more information.