Guardian Series 3

Cryptographic infrastructure management

cryptography key management guardian series 3
Centralize, customize, automate

The cornerstone of enterprise cryptographic management

The Guardian Series 3 is a cryptographic infrastructure management device. Using the Guardian’s web-based dashboard, users can easily group Futurex devices into multiple clusters and manage them remotely. The device also features native integration with Futurex’s VirtuCrypt cloud, allowing users to manage cloud HSMs as well as on-premises HSMs. With fully customizable settings, seamless peering, centralized audit logging, and a user-friendly GUI, the Guardian Series 3 gets rid of in-person visits to data centers while streamlining enterprise HSM management.

Sales brochureTalk to an expert

Centralized configuration

  • Define device clusters
  • Assign new HSMs to clusters to increase scalability
  • Apply changes to multiple clusters at once
  • Remotely manage devices both on-premises and in the cloud

Object / key referencing

  • Directly integrate HSMs and key management servers
  • Encryption objects included in API calls
  • Reduce processing overhead and application integration effort

Cryptographic orchestration

  • Create a shared cryptographic resource pool
  • Consolidate cryptographic resources in one infrastructure
  • Distribute HSM services across enterprise
  • Deploy service-based cryptographic architecture

Custom monitoring and alerting

  • Granular monitoring parameters: temperature, access attempts, command counts, and more.
  • User-defined alert outputs
  • SMTP, SMS, and SNMP log outputs
  • SIEM integration

High availability and disaster recovery

  • Automated load balancing with zero downtime
  • Multi-site automated failover
  • Security profiles between multiple sites
  • Establish redundancy and disaster recovery
cryptography key management guardian series 3
Abstraction layer

The Guardian is an abstraction layer: the intermediary between applications and devices. In this capacity it handles load balancing, object caching, key referencing, and disaster recovery.

Out of band management

Some organizations must connect their host applications to Futurex HSMs directly. They can use the Guardian Series 3 to manage the HSM separately from the host application.

Flexible service models

Whether you use the Guardian Series 3 as an abstraction layer or for out of band management, you gain access to monitoring and alerting, centralized configuration, and much more.

Why use the Guardian Series 3?

The Guardian Series 3 provides advantages that are unique to Futurex technology. Its intuitive, web-based interface allows users to operate it from any location; it contains a high-performance HSM to perform cryptographic operations; it also serves as a centralized audit log repository for connected devices. All without the need for in-person management. 

Click diagram to enlarge

Reduce cryptographic management burden

A web-based management dashboard helps you streamline operations and maximize Futurex device processing. Manage a complete infrastructure from a single pane of glass.

Increase system redundancy

Enable full system redundancy with peering and automated failover. The Guardian automatically redistributes transaction loads for on-premises and cloud infrastructure.

Simplify updates and audits

Apply changes to and conduct log audits for Futurex devices spread across multiple data centers, including firmware updates, all from a central location.

Manage devices in real-time

Real-time notifications and alerts help you automatically monitor system parameters, throughput, and error messages of entire groups of connected devices.
Related: Hardware security modules

View specialized and general-purpose Futurex HSMs

See it now

Related: VirtuCrypt cloud products

Manage cloud products with the Guardian Series 3

See it now

Virtual HSM orchestration

Cluster HSMs deployed on-premises or in the cloud into user-defined groups, with customizable management settings.

Device peering algorithm

Automatically share data between your connected devices across multiple data centers and cloud environments.

Hybrid environments

Manage and load balance on-premises HSMs and cloud HSMs or transition to fully managed cloud infrastructure.

Native VirtuCrypt integration

Seamlessly manage and integrate with VirtuCrypt cloud services to support on-premises cryptographic processing.

Audit log repository

Consolidate data logs from all connected devices in one central location with automatic distribution functionality.

High availability and disaster recovery

Easily set up active-active, high-availability clusters of Futurex devices, including off-site failover configuration.

Centralized cryptographic management for Futurex products

Single-pane-of-glass management, visibility, and orchestration of an organization’s entire ecosystem

Guardian Series 3 specifications

Hardware features

  • Dual control-enabled, tamper-responsive
  • Smart card reader for M-of-N key fragmentation and dual-factor authentication
  • Dual, redundant gigabit Ethernet ports
  • Dual, redundant, hot-swappable power supplies
  • Automated, internal RAID-based backup of object management applications and databases

Operating conditions

  • Power: 100 – 240 VAC 50/60 Hz. 225 Watts
  • Operating temp: -40° to 140°F (-40° to 60°C)
  • Storage temp: -40° to 140°F (-40° to 60°C)
  • Operating humidity: 20% to 80% non-condensing
  • Storage humidity: 5% to 95% non-condensing

Dimensions and weight

  • Weight: 40.5 lbs (18.4 kg)
  • Width: 19 inches (48.3 cm)
  • Height: 2U – 3.47 inches (8.81 cm)
  • Depth: 22.3 inches (56.7 cm)

Powering the VirtuCrypt cloud

VirtuCrypt management services are backed by the Guardian Series 3 with hardened, FIPS 140-2 Level 3 validated technology. Whether an organization requires complete infrastructure management or simply more functionality for existing Futurex infrastructure, VirtuCrypt offers a variety of service structures designed to meet security requirements.

VirtuCrypt services
VirtuCrypt cloud HSM

Industry compliance standards

  • FIPS 140-2 Level 3 Compliant
  • ANSI X9.24 Part 1 and Part 2—TR-39
  • Payment Card Industry Data Security Standard (PCI DSS)
  • RoHS
  • FCC Part 15 – Class B

Centralized management capabilities

  • Master Key loading
  • User and permissions administration
  • Log management and audit reporting
  • Firmware distribution and installation
  • Synchronization of keys, certificates, and configuration settings across multiple client devices

Alerting and notification formats

  • Simple Mail Transfer Protocol (SMTP)
  • Simple Network Management Protocol (SNMP)
  • Short Message Service (SMS)
  • Syslog

Frequently asked questions

The Guardian Series 3 brings sophisticated IT management to cryptographic infrastructure. It fulfills a variety of use cases including monitoring and alerting, device clustering, load balancing, object and key referencing, and automated failover. Importantly, it allows the creation of a shared cryptographic resource pool that can be distributed among departments, rather than siloed according to each one.

The Guardian Series 3 makes use of a highly powerful monitoring and alerting engine. It features granular monitoring parameters: temperature, access attempts, command counts, and more.
Users can define alert output parameters, including log outputs via SMTP, SMS, and SNMP, as well as SIEM integration.

The Guardian was the first cryptographic management tool to perform device clustering. This feature allows administrators to arrange cryptographic devices into computing clusters with simple drag-and-drop commands. This is all done in real time. It makes it easy to manage a distributed infrastructure across an organization.

The Guardian Series 3 can be deployed on-premises, in the VrituCrypt cloud, or in a hybrid environment. It manages cryptographic infrastructure deployed in any environment as well.

Want to learn more?

Contact a Solutions Architect today.

Give us a call