CipherTrust - DYMAR JAYA INDONESIA
Transcription
CipherTrust - DYMAR JAYA INDONESIA
www.t hales-esecurity.com FLEXIBLE MONITORING AND MANAGEMENT OF ALL HSMS ACROSS ALL LOCATIONS CipherTrust provides network operations teams with high levels of visibility regarding the overall operational status of HSMs across multiple locations, providing a central view of security and performance for mission critical cryptographic operations. It is a flexible monitoring and management platform for Thales HSMs providing comprehensive 24 x 7 instantaneous status reporting on all HSMs without the need for any user intervention. It delivers comprehensive alerts direct to designated operations staff on issues relating to HSM operation, security, configuration and utilization keeping the relevant teams fully informed while helping them proactively respond to potential issues. Currently supporting monitoring of payShield 9000 HSMs, CipherTrust monitoring and management capabilities will be extended in future releases to additional HSM families. Key Benefits •Provides 24 x 7 visibility on all HSMs •Identifies performance bottlenecks to improve capacity planning •Facilitates proactive responses to potential HSM issues through automatic alerts •Reduces costs through background remote operation without human intervention •Integrates seamlessly with existing HSM hardware and software configurations Thales e-Security CipherTrust CIPHERTRUST TECHNICA L SP E CIFICATIONS HSM Compatibility • payShield 9000 with base or custom software version 1.0 or later with SNMPv3 messaging enabled Virtual Appliance minimum specification • 2 CPUs with 2 cores each • 8 GB RAM • Thin provisioned hard drives • Compatible with ESXi 5.1 and later (VM Version 9) Role-based access control • Supports two distinct roles – Administrator and Group Manager • Distinct set of tasks applicable to each role supporting clear separation of duties • Enhances security in terms of configuration and administration for overall CipherTrust system Administrator role • Create additional users • Create groups of HSMs • Assign roles to users • Configure and commission system • View and monitor group level performance statistics and alerts • View and manage system level alerts and events Group Manager role • Enroll HSMs into groups • Enable / disable monitoring of specific devices • Respond to issues reported on HSM status, utilization and health status • View and monitor performance statistics and alerts at both group and device level • View individual device details for in-depth analysis • Run pre-defined or custom reports for both groups or individual HSMs Central monitoring capabilities • Refreshes utilization statistics for all HSMs on a per minute basis • Provides series of warnings based on user-defined thresholds • Delivers critical alerts based on independent user-defined thresholds • Allows users to define the time period for in-depth analysis (last hour, 24 hours, 7 days, 30 days or custom) • Delivers alarms via email and remote syslog server •Tamper events •Fraud detection •PIN attacks •Services (UDP, TCP etc) Security • Web server certificate management providing client browser to CipherTrust authentication as part of session establishment • Secure segregation of roles and responsibilities for Administrators and Group Managers • Strong password policy - control of expiry and auto-logout duration. • Out-of-band messaging for one-time-password (OTP) as part of secure new user configuration • Choice of algorithms for authentication and privacy Follow us on: Americas – Thales e-Security Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211 • E-mail: [email protected] Asia Pacific – Thales Transport & Security (HK) Lt, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: [email protected] Europe, Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: [email protected] © Thales - November 2015 • PLB55412 Solution components • DVD comprising CipherTrust application as an Open Virtual Appliance (OVA) compatible with selected vSphere ESXi Hypervisor, VMware Player and VWware Workstation virtual platforms •Download of VM image supported as alternative to DVD approach • Utilizes user-supplied DNS/DHCP server for IP assignment • Web based management interface and command line interface (CLI) •Firefox and Internet Explorer browser support • Flexible endpoint licensing mechanism supporting up to 200 HSMs