Vormetric Data Security Manager

Vormetric Data Security Manager

Remove data security deployment and operational complexity

Centrally manage your organization’s data security environment

The Vormetric Data Security Manager (DSM) is the central management point for all Vormetric Data Security Platform products. The DSM not only creates, stores and manages the encryption keys that protect data, it also enables organizations to manage every aspect of their Vormetric data security platform implementation. The DSM allows administrators to specify data access policies, administer DSM users and logical domains, generate usage reports, register new hosts, access security logs, manage third-party keys, digital certificates and more. Moreover, as enterprises and service providers need data security management in concert with their other infrastructure, the DSM also provides integration capabilities with multiple APIs and a command line interface as well as a simple graphical user interface (GUI) operation.



  • Unified, Simplified ManagementThe Data Security Manager (DSM) enables centralized management of data security policies and key management, simplifying training, deployment and operations.
  • Flexible Form FactorsThe Data Security Manager is available in different form factors and FIPS 140-2 levels. Deploy virtual appliances on-premises, in private and public clouds or select high-assurance hardware with the data security management tool.
  • Centralize Key and Policy ManagementProvision and manage keys for all Thales eSecurity products, and manage keys and certificates for third-party devices.


Flexible Deployment Form Factors

The Data Security Manager (DSM) is offered as a FIPS 140-2 Level 1 virtual appliance, as well as two hardware appliances: The V6000, which is FIPS 140-2 Level 2 certified, and the V6100, which is FIPS 140-2 Level 3 certified. The virtual appliance is available in VMware, HyperV, KVM, Amazon Web Services, and Azure compatible formats.

Unified Management and Administration

The DSM provides central management and secure storage of encryption keys, including those generated by Thales eSecurity products, KMIP-compliant devices, Microsoft SQL Server TDE, Oracle TDE and IBM Guardium Data Encryption. The data security manager has an intuitive Web-based console, CLI, or APIs for managing encryption keys and policies.

Maximum Security and Reliability

To maximize uptime and security, the DSM features redundant components and the ability to cluster appliances for fault tolerance and high availability. Strong separation-of-duties policies can be enforced to ensure that one administrator does not have complete control over data security activities, encryption keys or administration. In addition, the DSM supports two-factor authentication for administrative access as well as nShield Remote Administration with smart card access in the V6100.

Thales nShield HSM integration

Use Thales nShield Connect HSMs to provide FIPS 140-2 Level 3 root of trust for the virtual or V6000 hardware Vormetric DSM appliances. The DSM V6100 hardware appliance is equipped with an embedded FIPS 140-2 Level 3 nShield Solo HSM root of trust.

Secure key import for data encryption keys

Import data encryption keys generated by nShield HSMs, third-party HSMs or other key sources, using RESTful APIs or the DSM management console. These key import capabilities offer flexibility and give organizations more control of data security across cloud services, big data, container, and on-premises environments.


Hardware Specifications

    • 1U rack-mountable; 17” wide x 20.5” long x1.75” high (43.18 cm x 52.07cm x 4.5 cm)
    • V6000: 21.5 lbs (9.8 kg); V6100: 22 lbs (10 kg)
    • 16GB
    • Dual SAS RAID 1 configured with FIPS tamper-evident seals
    • 1 Serial Port
    • 2x1Gb Ethernet
    • 1×10/100Mb IPMI
    • 2 removable 80+certified (100VAC-240VAC/50-60Hz) 400W
    • Yes. Also includes FIPS tamper-evident seal on the top cover.
    • 410 BTU max
    • 10° to 35° C (50° to 95° F) Operating Temperature
    • -40° to 70° C (-40° to 158° F) Non-Operating Temperature
    • 8% to 90% (non-condensing) Operating Relative Humidity
    • 5% to 95% (non-condensing) Non-Operating Relative Humidity
    • Safety Agency Approval – FCC, UL, BIS certifications
    • 6100 model is equiped with an nShield Solo HSM, FIPS 140-2 Level 3 root of trust available for V6100 & virtual DSMs with nShield Connect HSM integration -FIPS 140-2 Level 3
    • V6100 only; requires optional nShield Remote Administration ki

Software Specifications

  • Secure Web, CLI, SOAP, REST
  • 1,000+  Number of Management Domains
  • API Support PKCS #11, Microsoft Extensible Key Management (EKM), SOAP, REST
  • Username/Password, RSA multi-factor authentication (optional)
  • Cluster Support – Yes
  • Manual and scheduled secure backups. M of N key restoration – Backup
  • SNMP, NTP, Syslog-TCP – Network Management
  • CEF, LEEF, RFC 5424 -Syslog Formats
  • Certifications and Validations – FIPS 140-2 Level 1, FIPS 140-2 Level 2, FIPS 140-2 Level 3 Common Criteria (ESM PP PM V2.1)

Minimum Virtual Machine Specifications – Random For Virtual Appliance

  • Number Of CPUs – 2
  • RAM (GB) – 4
  • Hard Disk(GB) – 100GB
  • Support Thin Provisioning – Yes


Vormetric Data Security Manager