Configuring Inline SSL with HSM for Key Management (6.2)

Introduction

A Hardware Security Module (HSM) is a dedicated, tamper-resistant cryptographic processor whose main purpose is to manage cryptographic keys and accelerate cryptographic operations. It offers onboard key generation, storage, symmetric and asymmetric encryption, and backup; private keys are generated and used inside the module rather than being exported to the hosts that rely on them. Enterprises use HSMs for granular control over which users and systems may access each key, and for the flexibility of managing keys centrally.

Gigamon's Inline SSL solution on Gen3 GigaSMART modules now integrates with HSM platforms such as nCipher, allowing enterprises to manage and maintain cryptographic keys centrally on their existing HSMs instead of also having to load copies of those keys locally on the Gigamon HC platform.

This Gigamon Validated Design illustrates the steps to integrate an nCipher HSM with the Inline SSL solution.

Figure 1 - Topology for inline SSL integration with nCipher (HSM)


Design Overview

The Inline SSL design includes inline network(s) and inline tool(s), as in any typical inline SSL deployment. The key mappings that point the inline SSL configuration at keys held on the HSM, and the communication with the HSM server itself, go through an IP interface configured on the GigaSMART engine. Figure 1 shows a simple topology with HSM connectivity; the scope and limitations of the solution are listed below.

  • Gen3 GigaSMART modules on the HC connect to the HSM (nCipher) server over a secure IP connection.
  • HSM (nCipher) based encryption / decryption is supported with IPv4.
  • HSM (nCipher) based encryption / decryption with IPv6 for data traffic is supported from version 6.3 onward.
  • Both RSA and ECDSA based encryption / decryption are supported.
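The following is an added illustration, not Gigamon or nCipher code, of the separation the design above relies on: the private key stays inside the HSM, and the decrypting engine holds only a key handle and the public half, asking the HSM to perform each private-key operation over the IP connection. Everything here is constructed: ToyHsm stands in for the HSM server, InlineSslEngine for the GigaSMART engine, and the RSA key is a deliberately tiny textbook key (fixed demo primes, raw signature on a SHA-256 digest) so the script runs with the standard library only. A real deployment uses the vendor's client software, properly sized keys and a padded signature scheme.

```python
"""Toy model of HSM-held keys: sign by handle, never export the private half.

Constructed example. ToyHsm, InlineSslEngine and KeyNotExtractable are
hypothetical names; the RSA parameters are far too small for real use.
"""
import hashlib
from math import gcd


class KeyNotExtractable(Exception):
    """Raised when a caller asks the HSM for private-key material."""


class ToyHsm:
    """Holds private keys; exposes only public keys and signing by handle."""

    def __init__(self):
        self._priv = {}  # handle -> (n, d), never returned to callers
        self._pub = {}   # handle -> (n, e)

    def generate_rsa(self, label, p, q, e=65537):
        # Demo primes are supplied by the caller for reproducibility; a real
        # HSM chooses them internally and never reveals them.
        n = p * q
        phi = (p - 1) * (q - 1)
        if gcd(e, phi) != 1:
            raise ValueError("public exponent must be coprime to phi(n)")
        d = pow(e, -1, phi)  # modular inverse, Python 3.8+
        self._priv[label] = (n, d)
        self._pub[label] = (n, e)
        return label  # the handle is all the client ever receives

    def public_key(self, label):
        return self._pub[label]

    def sign(self, label, message: bytes) -> int:
        # Private-key operation happens here, inside the HSM boundary.
        n, d = self._priv[label]
        digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
        return pow(digest, d, n)

    def export_private(self, label):
        # Keys generated on the HSM are non-extractable by policy.
        raise KeyNotExtractable(f"key {label!r} is marked non-extractable")


class InlineSslEngine:
    """The decrypting appliance: keeps only the handle and the public key."""

    def __init__(self, hsm: ToyHsm, label: str):
        self.hsm = hsm
        self.label = label
        self.public_key = hsm.public_key(label)

    def sign_handshake(self, transcript: bytes) -> int:
        # The engine forwards the signing request instead of signing locally.
        return self.hsm.sign(self.label, transcript)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Textbook RSA verification of a signature over SHA-256(message)."""
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == digest


def demo() -> dict:
    """Run the model end to end and report what the engine can and cannot do."""
    hsm = ToyHsm()
    # Constructed demo primes (1000003 and 1000033 are both prime).
    label = hsm.generate_rsa("inline-ssl-server-key", 1000003, 1000033)
    engine = InlineSslEngine(hsm, label)

    transcript = b"ClientHello|ServerHello|constructed handshake transcript"
    sig = engine.sign_handshake(transcript)

    try:
        hsm.export_private(label)
        export_blocked = False
    except KeyNotExtractable:
        export_blocked = True

    return {
        "valid": verify(engine.public_key, transcript, sig),
        "tampered_rejected": not verify(engine.public_key, transcript + b"!", sig),
        "export_blocked": export_blocked,
        # Nothing the engine stores is the private exponent.
        "engine_holds_private": any(
            isinstance(v, tuple) and v == hsm._priv[label] for v in vars(engine).values()
        ),
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the operational one behind the design: the HC never needs a copy of the server private key, so compromising or cloning the appliance yields only a handle that is useless without reachability to, and authorization on, the HSM. The IP interface on the GigaSMART engine is therefore a security-relevant path and should be restricted to the HSM server.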

To learn more about this solution, read complete details on the Gigamon Community: Configuring-Inline-SSL-with-HSM-for-key-management-6-2