VMWare Sovereign clouds offer continuous protection and secure accessibility controls to enable new values and opportunities data protection. Protect and control confidential or restricted data with the data residency and data sovereignty that a sovereign cloud provides, ensuring compliance with changing data privacy laws using a trusted cloud that supports a nation’s digital economy. Virtual environments running VMware can readily leverage vSphere VM Encryption or vSAN encryption to protect VMs and data-at-rest. However, enterprise key management that is both secure and adaptable to a dynamic software-defined infrastructure remains a challenge. Traditional HSMs require proprietary hardware and are inflexible for a software-defined data center. Software-only key managers on the other hand do not offer the protection of HSMs.
The joint VMware and Fortanix solution offer scalable data protection and compliance for VMware Sovereign cloud environments. Fortanix Data Security Manager (DSM), is a unified HSM and Key Management solution that easily integrates via KMIP for VMware vSAN and vSphere VM encryption, enabling sovereign cloud customers to bring and manage their own keys. Fortanix DSM makes it possible for VMware Sovereign cloud providers to deliver Data Protection and compliance to the end customers (tenants). Secured with Intel® SGX, Fortanix DSM delivers HSM security with software defined simplicity, and a cloud scale architecture.
Fortanix DSM with built-in multi-tenancy, when integrated together with VMware Sovereign cloud, enables service provider partners the ability to offer Bring Your Own Key (BYOK) for VM encryption and vSAN Encryption, FIPS 140-2 Level 3 HSM protection, key management, tokenization, and secrets management through a single platform, hosted within the VMware Sovereign Cloud boundary.
Deployment – VMware Sovereign cloud Boundary
The VMware Cloud Provider partners can host Fortanix Data Security Manager out of the HSM appliances running in their data centers within the VMware Sovereign cloud boundary. Each VMware Sovereign cloud customer will have a dedicated vCentre where they can configure Fortanix Data Security Manager as an external key manager. The customer will have full control of the keys and the VMware Cloud Provider partner will have zero access/visibility to the keys. The keys never leave the sovereign cloud boundary.
- Only Customers will have access to the keys. Providers have zero visibility.
- Keys will be generated and managed in Customer controlled Fortanix DSM account
- Multi-tenancy- Each customer account is separated from each other