KMS Solutions

When selecting a Key Management Server (KMS), you must consider the key management and encryption requirements for your cluster.

The following are the various KMS solutions available, and the criteria often used for selecting each.

Key Trustee KMS with Key Trustee Server

Choose KT KMS with Key Trustee Server if:
  • Enterprise-grade key management is required
  • Encryption zone key protection by an HSM is not required

Key Trustee KMS with Key Trustee Server and Key HSM

Choose KT KMS with Key Trustee Server and Key HSM if:
  • Enterprise-grade key management is required
  • Encryption zone key protection by an HSM (as root of trust) is required Performance for encryption zone key operations is critical

HSM KMS

Choose HSM KMS if:
  • Enterprise-grade key management is required
  • Encryption zone keys must be stored only on the HSM
  • Performance for encryption zone key operations is not critical