Managing the Key Management Service

Enterprises running services and applications that need to perform cryptographic operations can delegate key management to an external provider using the Key Management Interoperability Protocol (KMIP). KMIP simplifies the way you manage cryptographic keys, eliminating the need for redundant, incompatible key management processes.

In CTERA Portal, each folder group has an AES-256 data encryption key used for data-at-rest encryption of all the blocks in that folder group. The data encryption keys for the folder groups are stored in the CTERA Portal metadata database. When Key Management is enabled, each data encryption key in the database is stored encrypted under a separate key encryption key (KEK) that is obtained from the Key Management Server. The key encryption key is never stored persistently outside of the Key Management Server, and can be rotated periodically on a configurable schedule by the Key Management Server.

CTERA Portal integrates with Thales CipherTrust Manager for the Key Management Server.
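
The key hierarchy described above, a per-folder-group data encryption key stored only in wrapped form under a KEK, is envelope encryption. The following Go sketch is an added example, not CTERA Portal code: it shows wrapping, unwrapping and the rewrap step a KEK rotation requires. AES-GCM as the wrapping mode, the function names, the `fg-1` group label and passing the KEK as an in-process byte slice (in place of a KMIP request to the Key Management Server) are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead returns AES-GCM for the key. GCM as the wrapping mode is this example's assumption.
func aead(key []byte) cipher.AEAD {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key is not 16, 24 or 32 bytes
	}
	g, _ := cipher.NewGCM(b) // cannot fail: AES has the 16-byte block GCM requires
	return g
}
// Wrap encrypts a DEK under the KEK; the result (nonce || ciphertext || tag) is the stored record.
func Wrap(kek, dek []byte, group string) []byte {
	g := aead(kek)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return g.Seal(nonce, nonce, dek, []byte(group)) // folder group name bound as associated data
}
// Unwrap fails on a wrong KEK, a modified record, or a record copied to another folder group.
func Unwrap(kek, wrapped []byte, group string) ([]byte, error) {
	g := aead(kek)
	if len(wrapped) < g.NonceSize() {
		return nil, fmt.Errorf("wrapped key too short: %d bytes", len(wrapped))
	}
	return g.Open(nil, wrapped[:g.NonceSize()], wrapped[g.NonceSize():], []byte(group))
}
// Rewrap is what KEK rotation costs: the DEK is unchanged, so data blocks are not re-encrypted.
func Rewrap(oldKEK, newKEK, wrapped []byte, group string) ([]byte, error) {
	dek, err := Unwrap(oldKEK, wrapped, group)
	if err != nil {
		return nil, err
	}
	return Wrap(newKEK, dek, group), nil
}

func main() { // constructed sample keys, never real key material
	k1, k2 := []byte("sample-kek-before-rotation-00001"), []byte("sample-kek-after-rotation-000002")
	rec, err := Rewrap(k1, k2, Wrap(k1, []byte("sample-dek-for-folder-group-0001"), "fg-1"), "fg-1")
	fmt.Printf("rewrapped record: %x (err=%v)\n", rec, err)
}
```

After a rotation, a record that still unwraps under the old KEK indicates a data encryption key that was missed by the rewrap pass.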

Note

A license from CTERA is required to use the Key Management service.

Key Management service tasks can be performed in the global administration view only.

