CipherTrust - DYMAR JAYA INDONESIA

www.t hales-esecurity.com
FLEXIBLE MONITORING AND MANAGEMENT
OF ALL HSMS ACROSS ALL LOCATIONS
CipherTrust provides network operations teams with high levels of visibility regarding the overall operational status of HSMs across multiple locations,
providing a central view of security and performance for mission critical cryptographic operations. It is a flexible monitoring and management
platform for Thales HSMs providing comprehensive 24 x 7 instantaneous status reporting on all HSMs without the need for any user intervention. It
delivers comprehensive alerts direct to designated operations staff on issues relating to HSM operation, security, configuration and utilization keeping
the relevant teams fully informed while helping them proactively respond to potential issues. Currently supporting monitoring of payShield 9000
HSMs, CipherTrust monitoring and management capabilities will be extended in future releases to additional HSM families.
Key Benefits
•Provides 24 x 7 visibility on all HSMs
•Identifies performance bottlenecks to improve capacity planning
•Facilitates proactive responses to potential HSM issues through automatic alerts
•Reduces costs through background remote operation without human intervention
•Integrates seamlessly with existing HSM hardware and software configurations
Thales e-Security
CipherTrust
CIPHERTRUST
TECHNICA L SP E CIFICATIONS
HSM Compatibility
• payShield 9000 with base or custom software version 1.0 or later
with SNMPv3 messaging enabled
Virtual Appliance minimum specification
• 2 CPUs with 2 cores each
• 8 GB RAM
• Thin provisioned hard drives
• Compatible with ESXi 5.1 and later (VM Version 9)
Role-based access control
• Supports two distinct roles – Administrator and Group Manager
• Distinct set of tasks applicable to each role supporting clear
separation of duties
• Enhances security in terms of configuration and administration for
overall CipherTrust system
Administrator role
• Create additional users
• Create groups of HSMs
• Assign roles to users
• Configure and commission system
• View and monitor group level performance statistics and alerts
• View and manage system level alerts and events
Group Manager role
• Enroll HSMs into groups
• Enable / disable monitoring of specific devices
• Respond to issues reported on HSM status,
utilization and health status
• View and monitor performance statistics and alerts at both group
and device level
• View individual device details for in-depth analysis
• Run pre-defined or custom reports for both groups
or individual HSMs
Central monitoring capabilities
• Refreshes utilization statistics for all HSMs on a per minute basis
• Provides series of warnings based on user-defined thresholds
• Delivers critical alerts based on independent
user-defined thresholds
• Allows users to define the time period for in-depth analysis (last
hour, 24 hours, 7 days, 30 days or custom)
• Delivers alarms via email and remote syslog server
•Tamper events
•Fraud detection
•PIN attacks
•Services (UDP, TCP etc)
Security
• Web server certificate management providing client browser to
CipherTrust authentication as part of session establishment
• Secure segregation of roles and responsibilities for Administrators
and Group Managers
• Strong password policy - control of expiry and
auto-logout duration.
• Out-of-band messaging for one-time-password (OTP) as part of
secure new user configuration
• Choice of algorithms for authentication and privacy
Follow us on:
Americas – Thales e-Security Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211 • E-mail: [email protected]
Asia Pacific – Thales Transport & Security (HK) Lt, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: [email protected]
Europe, Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: [email protected]
© Thales - November 2015 • PLB55412
Solution components
• DVD comprising CipherTrust application as an Open Virtual
Appliance (OVA) compatible with selected vSphere ESXi
Hypervisor, VMware Player and VWware Workstation
virtual platforms
•Download of VM image supported as alternative
to DVD approach
• Utilizes user-supplied DNS/DHCP server for IP assignment
• Web based management interface and
command line interface (CLI)
•Firefox and Internet Explorer browser support
• Flexible endpoint licensing mechanism supporting up to 200 HSMs