Hyperconverged infrastructure (HCI) is a popular choice for modernizing data centers and supporting mission-critical enterprise applications. However, HCI also brings new challenges for data security and compliance, especially when it comes to managing encryption keys across multiple platforms and environments. In this post, we will introduce how Sangfor HCI and Thales CipherTrust KMS work together to provide a secure and compliant solution for key management on HCI.
Compliance Challenges for Key Management on HCI
HCI simplifies the deployment and management of compute, storage, and network resources by consolidating them into a single platform. However, this also means that the encryption keys that protect the data stored on HCI need to be managed in a centralized and consistent way. Some of the compliance challenges for key management on HCI include:
- Ensuring that encryption keys are stored securely and separately from the data they protect, to prevent unauthorized access or tampering.
- Implementing policies and controls to govern the life cycle of encryption keys, such as creation, rotation, revocation, backup, and recovery.
- Supporting multiple encryption standards and algorithms, such as AES, RSA, ECC, and KMIP, to meet the requirements of different applications and regulations.
- Integrating with various cloud services and platforms, such as AWS, Azure, Google Cloud, VMware, and Kubernetes, to enable seamless encryption and key management across hybrid environments.
- Auditing and reporting on the usage and status of encryption keys, to demonstrate compliance with internal and external policies and regulations.
Thales CipherTrust KMS: A Trusted Solution for Encryption Key Management
Thales CipherTrust KMS is a comprehensive solution for encryption key management that addresses the compliance challenges for key management on HCI. Thales CipherTrust KMS offers the following benefits:
- It provides a centralized platform for managing encryption keys across multiple platforms and environments, including HCI, cloud, virtualization, containers, databases, applications, and devices.
- It supports various encryption standards and algorithms, such as AES, RSA, ECC, and KMIP, to enable interoperability and compatibility with different encryption products and services.
- It enables separation of duties between data owners and key custodians, by securely storing encryption keys in a dedicated hardware security module (HSM) or in the cloud.
- It automates key lifecycle management processes, such as creation, rotation, revocation, backup, and recovery, based on predefined policies and schedules.
- It integrates with various cloud services and platforms, such as AWS KMS, Azure Key Vault, Google Cloud KMS, VMware vSphere, Kubernetes, etc., to enable consistent encryption and key management across hybrid environments.
- It provides audit trails and reports on the usage and status of encryption keys, to facilitate compliance monitoring and reporting.
Sangfor HCI: A Leading Platform for Hyperconverged Infrastructure
Sangfor HCI is a leading hyperconverged infrastructure platform that provides a one-stop solution for cloud computing and data center transformation. Sangfor HCI offers the following benefits:
- It simplifies the deployment and management of compute, storage, security, and network resources by consolidating them into a single platform that can be easily scaled out according to business needs.
- It enhances the performance and reliability of applications by leveraging advanced technologies such as NVMe SSDs, RDMA, etc.
- It reduces the total cost of ownership (TCO) by optimizing resource utilization and eliminating unnecessary hardware purchases and maintenance costs.
- It supports various types of workloads and applications, such as virtual desktop infrastructure (VDI), database (DB), artificial intelligence (AI), etc., by providing flexible configuration options and tailored solutions.
- It enables seamless integration with Sangfor Managed Cloud Service (MCS) to enable hybrid cloud scenarios such as cloud bursting, disaster recovery, backup, etc.
How Sangfor HCI and Thales CipherTrust KMS Work Together
Sangfor HCI and Thales CipherTrust KMS work together to provide a secure and compliant solution for key management on HCI. The integration between Sangfor HCI and Thales CipherTrust KMS enables the following capabilities:
- Encryption of data at rest on Sangfor HCI using AES-256 algorithm with XTS mode.
- Encryption of data in transit between Sangfor HCI nodes using TLS 1.2 protocol with AES-256 algorithm with GCM mode.
- Centralized management of encryption keys on Thales CipherTrust KMS using KMIP protocol.
- Secure storage of encryption keys on Thales CipherTrust KMS using HSM or cloud service.
- Automated key lifecycle management on Thales CipherTrust KMS using policies and schedules.
- Seamless integration with cloud services and platforms using Thales CipherTrust KMS connectors and APIs.
Use Cases for CipherTrust KMS on Sangfor HCI
There are many use cases for CipherTrust on HCI, such as:
- Protecting sensitive data from unauthorized access or theft, such as personal information, financial records, intellectual property, etc.
- Meeting compliance requirements for data security and privacy, such as GDPR, PCI DSS, HIPAA, etc.
- Enabling secure data migration and replication across different platforms and environments, such as HCI, cloud, virtualization, containers, etc.
- Supporting disaster recovery and backup scenarios by ensuring data availability and integrity in case of system failure or outage.
- Enhancing data governance and auditability by tracking and reporting on the usage and status of encryption keys.
Sangfor HCI and Thales CipherTrust KMS provide a secure and compliant solution for key management on HCI. By integrating Sangfor HCI and Thales CipherTrust KMS, organizations can benefit from the simplicity, performance, scalability, and cost-effectiveness of HCI, while ensuring the security, compliance, interoperability, and automation of encryption key management. To learn more about Sangfor HCI and Thales CipherTrust KMS, please visit https://cpl.thalesgroup.com/partners/sangfor-technologies-inc or contact our sales representatives.