Overview
Fortanix FIPS 140-2 Level 3 HSMs are designed for a cloud-first environment, with superior performance and the ability to manage legacy HSMs from a unified interface. HSMs can be delivered through an on-premises hardware appliance and as an industry-first SaaS service.
HSM Gateway, an add-on capability, connects to the legacy HSMs you already have and makes their keys manageable and accessible through the Fortanix interface.
Deployment options for HSMs include:
HSM ON-PREMISES
The Fortanix Runtime Encryption Appliance FX2200 node is the ideal building block for implementing Fortanix Data Security Manager. You can securely generate, store, and use cryptographic keys and certificates, as well as secrets such as passwords, API keys, tokens, or any blob of data.
HSM AS A SERVICE
Fortanix offers subscription-based access to dedicated HSMs (Hardware Security Modules) delivered as a service. With no hardware to deploy and no software to manage, the service is 100% remotely managed with no physical access required. The service can be accessed via the internet and is up and running in minutes with a click of a button.
Key Highlights

FIPS 140-2 Level 3 compliant HSMs
Tamper-resistant with high assurance and superior performance, certified to the rigorous FIPS 140-2 Level 3 cryptography standard.

Flexible deployment
Delivered as an on-premises FX2200 hardware appliance series or through the industry’s first HSM as a Service.

Unified interface to manage legacy HSMs
HSM Gateway is an additional capability that facilitates centralized key and HSM management across third-party and legacy HSMs and cloud HSMs.

Secured with INTEL® SGX
Secured with Intel® SGX to ensure that only authorized users have access to your keys and data.

Common APIs and services
Supports a set of interfaces including REST, PKCS#11, KMIP, JCE and CNG.

Scalable and highly available
Scale-out with linear and consistent performance. Highly available, always-on clustered design.

Consolidated audit logging
Secure, comprehensive, immutable audit logs to help meet compliance.
HSMs delivered On-Premises
FX2200 RUNTIME ENCRYPTION APPLIANCE SERIES II
Fortanix Runtime Encryption Appliance FX2200 Series II was born in the cloud and is used across the globe in some of the largest data centers. The hardware appliance is the ideal platform, designed to deliver secure key management, hardware security module, and cryptography services.
Technical/Node Specification | |
---|---|
Cryptography | Full NSA Suite B algorithms |
Interfaces supported | REST APIs, PKCS#11, Microsoft CAPI and CNG, JCE, KMIP |
Certifications | FIPS 140-2 Level 3 |
Operating environment | Fortanix Data Security Manager (running on Ubuntu Linux™) |
Management / Monitoring | Centralized management with Web UI, CLI and APIs; Syslog, Splunk integration |
High Availability | Scale-out clustered design with built-in HA / DR |
Reliability | Non-Rotating Media: Solid State Devices; Dual Redundant Power Supplies, FRUs (Field Replaceable Units); MTBF 250,000 Hours (Basis of Parts Count Method) |
Network Connectivity | Dual Copper 10 Gigabit Ethernet, 10GBASE-T, IEEE 802.3an, supporting link aggregation; Gigabit Ethernet, 1000Base-T; 100 Mb Ethernet: 100BASE-TX; 1 x IPMI port; Dual SFP28 (Small Form Factor Pluggable) support: SFI interfaces support 25GBase-R PCS and 25 Gigabit PMA in order to connect with SFI28 to 25GBase-SR |
Processor | Intel® SGX |
Memory | 64GB High Speed Memory |
Dimensions | 1U Rackmount |
Weight | 47 lbs / 21.319 kg |
Power Supply | Dual Redundant 300 W AC Power Supplies |
Voltage / Frequency | AC Input: 100-240 V, 63-47 Hz, 5-2.5 A |
Thermal Rating | 1,164 BTU/hr (maximum) |
Temperature | Operating: -5 to 40 °C / Storage: -40 to 70 °C |
Safety and Environmental | FCC Class B, CE, TUV, GS, RoHS, C-Tick, CCC, VCCI |
HSMs delivered as a service
HSM as a service simplifies operations and reduces management overhead. The as-a-service model is delivered through the Equinix Cloud Exchange Fabric™ (ECX Fabric).
Globally Available Service, Multi-Region Deployment With at Least 99.9% SLA
Highly Scalable Solution
Service supports millions of keys per customer, horizontal scalability within the site, metro, and region, and low latency with cloud proximity.
Highly Resilient, Distributed Architecture With Maximum Availability
The service is based on a multiple-cluster architecture. Each cluster resides in a separate data center to support a high-availability architecture and minimize latency. Keys are replicated automatically to eliminate a single point of failure, and an intelligent load-balancing service automatically accesses the nearest key management service.