FIPS 140-2 Level 3 Hardware Security Module (HSM)

Overview

Fortanix FIPS 140-2 Level 3 HSMs are designed for a cloud-first environment, with superior performance and the ability to manage legacy HSMs from a unified interface. HSMs can be delivered through an on-premises hardware appliance and as an industry-first SaaS service.

HSM Gateway, an add-on capability, connects to the legacy HSMs you already have and makes their keys manageable and accessible through the Fortanix interface.

Deployment options for HSMs include:

HSM ON-PREMISES

The Fortanix Runtime Encryption Appliance FX2200 node is the ideal building block for implementing Fortanix Data Security Manager. You can securely generate, store, and use cryptographic keys and certificates, as well as secrets such as passwords, API keys, tokens, or any blob of data.

HSM AS A SERVICE

Fortanix offers subscription-based access to dedicated HSMs (Hardware Security Modules) delivered as a service. With no hardware to deploy and no software to manage, the service is 100% remotely managed with no physical access required. The service can be accessed over the internet and is up and running in minutes with a click of a button.

Key Highlights:

  • FIPS 140-2 Level 3 compliant HSMs: Tamper-resistant with high assurance, superior performance, and certified to the rigorous FIPS 140-2 Level 3 cryptography standard.
  • Flexible deployment: Delivered as the on-premises FX2200 hardware appliance series or through the industry’s first HSM as a Service.
  • Unified interface to manage legacy HSMs: HSM Gateway is an additional capability that facilitates centralized key and HSM management across third-party and legacy HSMs and cloud HSMs.
  • Secured with Intel® SGX: Secured with Intel® SGX to ensure that only authorized users have access to your keys and data.
  • Common APIs and services: Supports a set of interfaces including REST, PKCS#11, KMIP, JCE and CNG.
  • Scalable and highly available: Scale-out with linear and consistent performance. Highly available, always-on clustered design.
  • Consolidated audit logging: Secure, comprehensive immutable audit logs to help meet compliance.

HSMs delivered on-premises

FX2200 RUNTIME ENCRYPTION APPLIANCE SERIES II

Fortanix Runtime Encryption Appliance FX2200 Series II was born in the cloud and is used across the globe in some of the largest data centers. The hardware appliance is a platform designed to deliver secure key management, Hardware Security Module, and cryptography services.

Technical/Node Specification

Cryptography: Full NSA Suite B algorithms
Interfaces supported: REST APIs, PKCS#11, Microsoft CAPI and CNG, JCE, KMIP
Certifications: FIPS 140-2 Level 3
Operating environment: Fortanix Data Security Manager (running on Ubuntu Linux™)
Management / Monitoring: Centralized management with Web UI, CLI and APIs; Syslog, Splunk integration
High Availability: Scale-out clustered design with built-in HA / DR
Reliability: Non-rotating media (solid state devices); dual redundant power supplies; FRUs (Field Replaceable Units); MTBF 250,000 hours (basis of parts count method)
Network Connectivity: Dual copper 10 Gigabit Ethernet, 10GBASE-T, IEEE 802.3an, supporting link aggregation; Gigabit Ethernet, 1000Base-T; 100 Mb Ethernet: 100BASE-TX; 1 x IPMI port; dual SFP28 (Small Form Factor Pluggable) support: SFI interfaces support 25GBase-R PCS and 25 Gigabit PMA in order to connect with SFI28 to 25GBase-SR
Processor: Intel® SGX
Memory: 64 GB high-speed memory
Dimensions: 1U rackmount
Weight: 47 lbs / 21.319 kg
Power Supply: Dual redundant 300 W AC power supplies
Voltage / Frequency: AC input: 100-240 V, 63-47 Hz, 5-2.5 A
Thermal Rating: 1,164 BTU/hr (maximum)
Temperature: Operating: -5 to 40 °C / storage: -40 to 70 °C
Safety and Environmental: FCC Class B, CE, TUV, GS, RoHS, C-Tick, CCC, VCCI

HSMs delivered as a service

HSM as a service simplifies operations and reduces management overhead. The as-a-service model is delivered through the Equinix Cloud Exchange Fabric™ (ECX Fabric).

The service offers:

GLOBALLY AVAILABLE SERVICE, MULTI-REGION DEPLOYMENT WITH AT LEAST 99.9% SLA

The service currently operates from 15 data centers around the world, giving you the freedom to select the global footprint that best matches your requirements.

HIGHLY SCALABLE SOLUTION

The service supports millions of keys per customer, horizontal scalability within the site, metro, and region, and low latency with cloud proximity.

HIGHLY RESILIENT, DISTRIBUTED ARCHITECTURE WITH MAXIMUM AVAILABILITY

The service is based on a multiple-cluster architecture. Each cluster resides in a separate data center to support a high-availability architecture and minimize latency. Keys are replicated automatically to eliminate a single point of failure, and an intelligent load-balancing service automatically accesses the nearest key management service.
