KeyNexus
https://keynexus.net

KMIP like you’ve never seen it

Easily implement KMIP support in minutes

KeyNexus KMIP Server Overview

Is your team in search of a ready-to-go, straight out-of-the box Key Management Interoperability Protocol server for key storage and management?  KeyNexus offers our leading Enterprise On-premise and Cloud SaaS key management platforms in protocol compliant modules.  G-2000 Enterprise ready, our solution offers secure cryptographic key storage across diverse workloads.   KeyNexus is a turnkey solution, not a toolkit/SDK helpful only for building a system from scratch.  KeyNexus – offering the only compliant key management solution readily consumable by anyone in IT – Key Management Interoperability Protocol expert or not.

With KeyNexus you leverage KMIP as a seamless part of your overall key management operations.  Centrally manage, store, and consolidate key-management tasks across cloud, SaaS, on-premise systems, and endpoint devices like mobile and IoT while full time compliant.  You also get integrated features and capabilities like intelligent key management, advanced policy control, and enhanced access control for users and keys.

Architecture

KeyNexus offers Key Management Interoperability Protocol server support for versions 1.0, 1.1, 1.2 (1.3,1.4 pending) and provides an optional, easy-to-setup, GUI-based client to help you test and verify operability with an array of pre-existing test templates.

Supported KMIP Profiles: 

  • Baseline Server TLS v1.2 KMIP 1.0,1.1,1.2 Profile Conformance
  • Baseline Server KMIP 1.3,1.4 Profile Pending
  • Secret Data KMIP Profile
  • Basic Symmetric Key Store and Server KMIP Profile
  • Basic Symmetric Key Foundry and Server KMIP Profile

Supported KMIP Operations: 

  • Create, Create Key Pair, Register, Re-key, Derive Key, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Activate, Revoke, Destroy, Query, Discover Versions, Encrypt, Decrypt, Sign, Signature Verify, MAC, MAC Verify, RNG Retrieve, RNG Seed, Hash

Supported KMIP Objects: 

  • Certificate, Opaque Object, Private Key, Public Key, Secret Data, Split Key (currently supports registering split key), Symmetric Key, Template

Our VM-based on-premise key server can be setup in under an hour in the virtual environment of your choice.  Our cloud-based solution gets you a running start in minutes. Both platforms feature our easy-to-use UI that allows quick setup, authorization of user accounts, and creation/provisioning of keys for your workloads. Our on-premise platform supports multi-nodal high availability with master-master server configurations to help you meet resiliency planning and latency reduction goals.  Finally, the scale and capacity of our system – both in terms of transaction throughput and key volumes – is unmatched.

Who is this solution for?

KeyNexus introduced Key Management Interoperability Protocol support to our existing key management platforms to meet the following customer workflow needs.  Have a unique use case?  Contact us.

  • Enterprise use cases requiring key management for KMIP-only workflows, encrypted storage arrays, tape drives and key management HSMs, but where risk and expense of “build your own” using existing SDKs is not an option.
  • VM encryption including vSphere 6.5
  • Software and SaaS providers exposing ‘customer provided key’ capabilities to new security workflows.  Helping customers meet compliance requirements in cases where KMIP is selected for it’s universality.   Software and SaaS providers integrating third-party KMIP clients into their platforms can offer their customers easy-to-consume protocol compliant server options capable of interacting with a new KMIP client interface.
  • Hardware technologies, such as encrypted tape drives and storage arrays with embedded KMIP clients requiring turnkey protocol compliant servers to manage keys.
  • Software products that require fully self-contained, internal key management modules to support security workflows using standardized KMIP client-server architectures.

Please contact us to learn more or discuss your unique KMIP interests.