Preface
Fortanix Data Security Manager (DSM) SSH CA is part of a broader cryptographic services platform, Fortanix Data Security Manager. It is the most secure SSH CA, as it always runs inside an HSM. In addition to strict security, Fortanix Data Security Manager provides the SSH CA with scalability, centralized management, automation and tamper-proof audit logs.
Functionality
1. Create an SSH CA key for signing user or host SSH keys.
2. Create an SSH certificate by signing the user's or host's SSH public key and related metadata with the SSH CA key.
3. Publish the SSH CA public key to the remote server, allowing the user or host to authenticate to the remote server using the SSH certificate.
4. SSH CA is a feature of Fortanix Data Security Manager. Security, management, automation and scalability are provided by the host Fortanix Data Security Manager. That includes a broad range of REST APIs in Fortanix Data Security Manager, and the ability to extend and customize the functionality with ease by creating and running plugins inside Data Security Manager. Plugins are a special feature of Fortanix Data Security Manager that allows custom code to be created and run inside the HSM.
Fortanix Data Security Manager
Fortanix Data Security Manager is an integrated HSM, key management, secret management, and tokenization platform. It is a distributed multi-tenant platform, which can be deployed across multiple locations and scales easily by just adding more nodes to the cluster. Fortanix Data Security Manager is centrally managed and API-based, and offers a broad range of features, as well as strict RBAC and quorum authentication. It is used by some of the largest financial services, enterprises, retailers and cloud providers worldwide.
Benefits
Security
The entire SSH CA runs inside the HSM, and every action the SSH CA performs is done there. The SSH CA key is never exposed.
Boxed solution
No need to configure the SSH CA or any other module.
Automation
The entire SSH CA flow is automated (being part of Fortanix Data Security Manager).
Management
Fortanix Data Security Manager has robust management, access controls, RBAC and advanced quorum authentication.
Audit
Fortanix Data Security Manager records every activity, and the logs are centralized and tamper-proof.
Scalability and Cloud Ready Architecture
Fortanix DSM comprises containers built on a Kubernetes cluster. It is a multi-tenant platform that can be deployed in any number of locations, yet is always centrally managed. It is a clustered distributed platform, which scales horizontally infinitely and effortlessly.
Key management, secret management and tokenization
Available in the same platform.
