Understanding KMIP Compatibility
ThinkAgile CP supports KMIP through key servers from two vendors. Gemalto SafeNet KeySecure and the Vormetric DSM key server are third-party, centralized key management platforms for clients who require a KMIP infrastructure and FIPS 140-2 certification. Both vendors offer their solutions as hardware and as virtual software appliances.
- At the time of writing, the solutions support KMIP 1.1 and 1.2.
- Gemalto SafeNet KeySecure supports 128-bit encryption, whereas Vormetric supports 128-bit or 256-bit encryption.
- Both solutions support using a hardware security module (HSM) to store the master key.
- Both appliances can deliver FIPS 140-2 Level 2 and Level 3 certification.
Feature | Vormetric (DSM 6.0) | SafeNet KeySecure (8.1) |
---|---|---|
KMIP version support | 1.0, 1.1, 1.2 | 1.0, 1.1 |
KMIP client action logging | No | Yes |
Security isolation at host granularity | Upcoming, Version 6.1 | Yes |
Admin can delete secret data | No | Yes |
Browse secret data by name attribute | No | Yes |
Client certificate upload required | Client certificate | Client CA |
Self-signed certificate support | Yes | Yes |
KMIP Register Secret Data | Yes | Yes |
KMIP Locate Secret Data | Yes | Yes |
KMIP Destroy Secret Data | Yes | Yes |
FIPS compliant | Yes | Yes |
SSL 3.0 / TLS 1.0, 1.1, 1.2 | Yes | Yes |
FIPS compliant ciphers | Yes | Yes |
HA/cluster | Yes | Yes |
Secure Secret Data by IP | No | Yes |
Two-way SSL/TLS authentication | Yes | Yes |