Overview
Fortanix FIPS 140-2 Level 3 HSMs are designed for a cloud-first environment, with superior performance and the ability to manage legacy HSMs from a unified interface. HSMs can be delivered through an on-premises hardware appliance and as an industry-first SaaS service.
HSM Gateway, an add-on capability, connects to the legacy HSMs you already have and makes their keys manageable and accessible through the Fortanix interface.
Different deployment options for HSMs include:
HSM ON-PREMISES
HSM AS A SERVICE
Key Highlights:
- FIPS 140-2 Level 3 compliant HSMs: Tamper-resistant with high assurance, superior performance and certified to the rigorous FIPS 140-2 Level 3 cryptography standard.
- Flexible deployment: Delivered as on-premises FX 2200 hardware appliance series or leveraging the industry’s first HSM as a Service.
- Unified interface to manage legacy HSMs: HSM Gateway is an additional capability that facilitates centralized key and HSM management across 3rd party and legacy HSMs and Cloud HSMs.
- Secured with INTEL® SGX: Secured with Intel® SGX to ensure that only authorized users have access to your keys and data.
- Common APIs and services: Supports a set of interfaces including REST, PKCS#11, KMIP, JCE and CNG.
- Scalable and highly available: Scale-out with linear and consistent performance. Highly available, always-on clustered design.
- Consolidated audit logging: Secure, comprehensive immutable audit logs to help meet compliance.
HSMs delivered on-premises
FX2200 RUNTIME ENCRYPTION APPLIANCE SERIES II
Fortanix Runtime Encryption Appliance FX2200 Series II was born in the Cloud and used across the globe, in some of the largest Data Centers. The hardware appliance is the ideal platform designed to deliver secure Key Management, Hardware Security Module, and Cryptography services.
Technical/Node Specification
Cryptography | Full NSA Suite B algorithms |
Interfaces supported | REST APIs, PKCS#11, Microsoft CAPI and CNG, JCE, KMIP |
Certifications | FIPS 140-2 Level 3 |
Operating environment | Fortanix Data Security Manager (running on Ubuntu Linux™) |
Management / Monitoring | Centralized management with Web UI, CLI and APIs; Syslog, Splunk integration |
High Availability | Scale-out clustered design with built-in HA / DR |
Reliability | Non-rotating media (solid state devices); dual redundant power supplies; FRUs (Field Replaceable Units); MTBF 250,000 hours (basis of Parts Count Method) |
Network Connectivity | Dual copper 10 Gigabit Ethernet, 10GBASE-T, IEEE 802.3an, supporting link aggregation; Gigabit Ethernet: 1000Base-T; 100 Mb Ethernet: 100BASE-TX; 1 x IPMI port; Dual SFP28 (Small Form Factor Pluggable) support: SFI interfaces support 25GBase-R PCS and 25 Gigabit PMA in order to connect with SFI28 to 25GBase-SR |
Processor | Intel® SGX |
Memory | 64GB High Speed Memory |
Dimensions | 1U Rackmount |
Weight | 47 lbs / 21.319 kg |
Power Supply | Dual redundant 300 W AC power supplies |
Voltage / Frequency | AC input: 100-240 V, 63-47 Hz, 5-2.5 A |
Thermal Rating | 1,164 BTU/hr (maximum) |
Temperature | Operating: -5 to 40 °C / storage: -40 to 70 °C |
Safety and Environmental | FCC Class B, CE, TUV, GS, RoHS, C-Tick, CCC, VCCI |
HSMs delivered as a service
HSM as a service simplifies operations and reduces management overhead. The as-a-service model is delivered through the Equinix Cloud Exchange Fabric™ (ECX Fabric).
Service offers:
GLOBALLY AVAILABLE SERVICE, MULTI-REGION DEPLOYMENT WITH AT LEAST 99.9% SLA
The service currently operates from 15 data centers around the world, giving you the freedom to select the global footprint that best matches your requirements.
HIGHLY SCALABLE SOLUTION
Service supports millions of keys per customer, horizontal scalability within the site, metro, and region, and low latency with cloud proximity.
HIGHLY RESILIENT, DISTRIBUTED ARCHITECTURE WITH MAXIMUM AVAILABILITY
Service is based on a multiple cluster architecture. Each cluster resides in a separate data center to support a high-availability architecture and minimize latency. Keys are replicated automatically to eliminate a single point of failure, and an intelligent load-balancing service automatically accesses the nearest key management service.