Guardian Series 3

Cryptographic infrastructure management

cryptography key management guardian series 3
Centralize, customize, automate

The cornerstone of enterprise cryptographic management

The Guardian Series 3 is a cryptographic infrastructure management device. Using the Guardian’s web-based dashboard, users can easily group Futurex devices into multiple clusters and manage them remotely. The device also features native integration with Futurex’s VirtuCrypt cloud, allowing users to manage cloud HSMs as well as on-premises HSMs. With fully customizable settings, seamless peering, centralized audit logging, and a user-friendly GUI, the Guardian Series 3 gets rid of in-person visits to data centers while streamlining enterprise HSM management.

Sales brochureTalk to an expert

Centralized configuration

  • Define device clusters
  • Assign new HSMs to clusters to increase scalability
  • Apply changes to multiple clusters at once
  • Remotely manage devices both on-premises and in the cloud

Object / key referencing

  • Directly integrate HSMs and key management servers
  • Encryption objects included in API calls
  • Reduce processing overhead and application integration effort

Cryptographic orchestration

  • Create a shared cryptographic resource pool
  • Consolidate cryptographic resources in one infrastructure
  • Distribute HSM services across enterprise
  • Deploy service-based cryptographic architecture

Custom monitoring and alerting

  • Granular monitoring parameters: temperature, access attempts, command counts, and more.
  • User-defined alert outputs
  • SMTP, SMS, and SNMP log outputs
  • SIEM integration

High availability and disaster recovery

  • Automated load balancing with zero downtime
  • Multi-site automated failover
  • Security profiles between multiple sites
  • Establish redundancy and disaster recovery
cryptography key management guardian series 3
Abstraction layer

The Guardian is an abstraction layer: the intermediary between applications and devices. In this capacity it handles load balancing, object caching, key referencing, and disaster recovery.

Out of band management

Some organizations must connect their host applications to Futurex HSMs directly. They can use the Guardian Series 3 to manage the HSM separately from the host application.

Flexible service models

Whether you use the Guardian Series 3 as an abstraction layer or for out of band management, you gain access to monitoring and alerting, centralized configuration, and much more.

Why use the Guardian Series 3?

The Guardian Series 3 provides advantages that are unique to Futurex technology. Its intuitive, web-based interface allows users to operate it from any location; it contains a high-performance HSM to perform cryptographic operations; it also serves as a centralized audit log repository for connected devices. All without the need for in-person management. 

Click diagram to enlarge

Reduce cryptographic management burden

A web-based management dashboard helps you streamline operations and maximize Futurex device processing. Manage a complete infrastructure from a single pane of glass.

Increase system redundancy

Enable full system redundancy with peering and automated failover. The Guardian automatically redistributes transaction loads for on-premises and cloud infrastructure.

Simplify updates and audits

Apply changes to and conduct log audits for Futurex devices spread across multiple data centers, including firmware updates, all from a central location.

Manage devices in real-time

Real-time notifications and alerts help you automatically monitor system parameters, throughput, and error messages of entire groups of connected devices.
Related: Hardware security modules

View specialized and general-purpose Futurex HSMs

See it now

Related: VirtuCrypt cloud products

Manage cloud products with the Guardian Series 3

See it now

Virtual HSM orchestration

Cluster HSMs deployed on-premises or in the cloud into user-defined groups, with customizable management settings.

Device peering algorithm

Automatically share data between your connected devices across multiple data centers and cloud environments.

Hybrid environments

Manage and load balance on-premises HSMs and cloud HSMs or transition to fully managed cloud infrastructure.

Native VirtuCrypt integration

Seamlessly manage and integrate with VirtuCrypt cloud services to support on-premises cryptographic processing.

Audit log repository

Consolidate data logs from all connected devices in one central location with automatic distribution functionality.

High availability and disaster recovery

Easily set up active-active, high-availability clusters of Futurex devices, including off-site failover configuration.

Centralized cryptographic management for Futurex products

Single-pane-of-glass management, visibility, and orchestration of an organization’s entire ecosystem

Guardian Series 3 specifications

Hardware features

  • Dual control-enabled, tamper-responsive
  • Smart card reader for M-of-N key fragmentation and dual-factor authentication
  • Dual, redundant gigabit Ethernet ports
  • Dual, redundant, hot-swappable power supplies
  • Automated, internal RAID-based backup of object management applications and databases

Operating conditions

  • Power: 100 – 240 VAC 50/60 Hz. 225 Watts
  • Operating temp: -40° to 140°F (-40° to 60°C)
  • Storage temp: -40° to 140°F (-40° to 60°C)
  • Operating humidity: 20% to 80% non-condensing
  • Storage humidity: 5% to 95% non-condensing

Dimensions and weight

  • Weight: 40.5 lbs (18.4 kg)
  • Width: 19 inches (48.3 cm)
  • Height: 2U – 3.47 inches (8.81 cm)
  • Depth: 22.3 inches (56.7 cm)

Powering the VirtuCrypt cloud

VirtuCrypt management services are backed by the Guardian Series 3 with hardened, FIPS 140-2 Level 3 validated technology. Whether an organization requires complete infrastructure management or simply more functionality for existing Futurex infrastructure, VirtuCrypt offers a variety of service structures designed to meet security requirements.

VirtuCrypt services
VirtuCrypt cloud HSM

Industry compliance standards

  • FIPS 140-2 Level 3 Compliant
  • ANSI X9.24 Part 1 and Part 2—TR-39
  • Payment Card Industry Data Security Standard (PCI DSS)
  • RoHS
  • FCC Part 15 – Class B

Centralized management capabilities

  • Master Key loading
  • User and permissions administration
  • Log management and audit reporting
  • Firmware distribution and installation
  • Synchronization of keys, certificates, and configuration settings across multiple client devices

Alerting and notification formats

  • Simple Mail Transfer Protocol (SMTP)
  • Simple Network Management Protocol (SNMP)
  • Short Message Service (SMS)
  • Syslog

Frequently asked questions

The Guardian Series 3 brings sophisticated IT management to cryptographic infrastructure. It fulfills a variety of use cases including monitoring and alerting, device clustering, load balancing, object and key referencing, and automated failover. Importantly, it allows the creation of a shared cryptographic resource pool that can be distributed among departments, rather than siloed according to each one.

The Guardian Series 3 makes use of a highly powerful monitoring and alerting engine. It features granular monitoring parameters: temperature, access attempts, command counts, and more.
Users can define alert output parameters, including log outputs via SMTP, SMS, and SNMP, as well as SIEM integration.

The Guardian was the first cryptographic management tool to perform device clustering. This feature allows administrators to arrange cryptographic devices into computing clusters with simple drag-and-drop commands. This is all done in real time. It makes it easy to manage a distributed infrastructure across an organization.

The Guardian Series 3 can be deployed on-premises, in the VrituCrypt cloud, or in a hybrid environment. It manages cryptographic infrastructure deployed in any environment as well.

Enterprise Management Capabilities and Business Insights for Your Data Security Ecosystem

To create a reliable cryptographic infrastructure requires constant attention. Changing throughput rates, compliance mandates, and new functional requirements demand a wide range of cryptographic devices. Administrators and key officers normally must visit each device, often in geographically dispersed data centers.

The Guardian Series 3 delivers centralized management, monitoring, load balancing, audit logging, and reporting to your environment. It frees you to focus on other priorities while complex cryptographic device management tasks are greatly reduced or even eliminated altogether.

The Guardian’s robust monitoring engine tracks vital information for managed devices and groups in real-time. Fully customizable notifications delivered via SMTP, SNMP, SMS, and syslog let administrators oversee infrastructure health and gain actionable insights. Administrators can even customize and view graphical reports and analyses.

  • Centralized Management of Futurex Devices
  • Key and Certificate Replicating for High Availability
  • Audit Log Repository for all managed devices
  • Customized Alerting and Notifications
Endless Access, Anytime

The Guardian allows authorized users to centralize management of Futurex devices through synchronous peering and remote configuration. It makes in-person physical management of enterprise cryptographic infrastructure virtually obsolete.

Ease of Use
  • Powerful user interface for intuitive operation
  • Seamless addition process for new Futurex client devices
  • Remote web management for lights-out data centers
  • Rapid modification of resource allocation
Intelligent Load Distribution and Automated Fallover
  • Active-active redundancy prevents loss of functionality in the event of a disaster, redistributing the processing load to backup Futurex devices
  • Automatic synchronization of keys, certificates, and device information among client devices
Enterprise Management for Your Core Cryptographic Infrastructure
  • Centralized management, configuration, log auditing, & key loading
  • User-defined device grouping system with drag-and-drop functionality, simplifying the process of managing multiple environments or regions collectively within the Guardian
  • Remotely “push” updates for distributing and installing firmware on managed devices, reducing travel time and expenses
Web Analytics and Management Platform
  • At-a-glance health assessment for the entire crypto infrastructure
  • User-friendly dashboard
  • Mobile-friendly support for all major web browsers
  • Ability to create custom reports of various outputs (CSV, HTML, etc.)
  • Customizable global cryptographic view featuring default or user-defined graphs
Regulatory Compliance Becomes an Easy Process
  • Centralized firmware updating simplifies the process of keeping client devices up-to-date
  • Consolidate data logs from all client devices
  • Permission-based user authentication system enables group-specific function blocking and can restrict users to job-specific functionality
Customized Notification and Alerting
  • User-definable alerting parameters and priority-based notifications
  • SMTP and SMS notifications let administrators see infrastructure health, receive proactive alerts, and gain actionable intelligence
  • Simple Network Message Protocol (SNMP) and syslog functionality transmit log and error messages to a central network monitoring tool
Dimension and Weight
  • Weight: 40.5 pounds (18.4 kg)
  • Width: 19 inches (48.3 cm)
  • Height: 2U – 3.47 inches (8.81 cm)
  • Depth: 22.3 inches (56.7 cm)
Industry Compliance Standards
  • FIPS 140-2 Level 3
  • FCC Part 15 – Class B
  • PCI HSM
  • RoHS
  • ANSI X9.24 Part 1 and Part 2—TR-39
Alerting and Notification Formats
  • SMTP
  • SNMP
  • SMS
  • Syslog
Operating Conditions
  • Power: 100 – 240 VAC 50/60 Hz. 225 Watts
  • Operating temp: -40° to 140°F (-40° to 60°C)
  • Storage temp: -40° to 140°F (-40° to 60°C)
  • Operating relative humidity: 20% to 80%
  • Storage relative humidity: 5% to 95%
External Hardware Requirements
  • Keyboard: Standard USB
  • Mouse: Standard USB
  • Video: SVGA 1024×768 at 75Hz refresh
Centralized Management Capabilities
  • Master File Key loading
  • General settings and configuration
  • User and permissions administration
  • Log management and audit reporting
  • Firmware distribution and installation
  • Synchronization of keys, certificates, & settings across multiple client devices

Want to learn more?

Contact a Solutions Architect today.

Give us a call