Skip to main content
Integrate Hitachi VSP with CryptoHub to provide external, hardware-secured key management for block storage encryption. The Encryption License Key feature connects to CryptoHub over mutually authenticated TLS 1.2 using KMIP 1.0, enabling secure external management of encryption keys through the Device Manager - Storage Navigator web interface.

About Hitachi VSP

Hitachi Virtual Storage Platform (VSP) is Hitachi Vantara’s enterprise block storage platform, designed for mission-critical workloads requiring high performance, availability, and data protection. The VSP G900 is a high-end model in the G/F series, delivering industry-leading performance with NVMe flash acceleration, active-active controllers, and 99.9999% availability.

Key features

This integration has the following features:
  • Enterprise block storage: High-performance, scalable block storage supporting FC, iSCSI, and NVMe-oF protocols for mission-critical enterprise workloads.
  • Encryption License Key: Built-in data-at-rest encryption using AES-256, with support for both local key management and external KMIP-based key management servers.
  • Storage virtualization: Abstracts and virtualizes heterogeneous storage resources across the data center, enabling centralized management and non-disruptive data migration.
  • Global Active Device (GAD): Active-active replication across sites with zero RPO and automatic failover, ensuring continuous data availability.
  • Dynamic provisioning: Thin provisioning with automated tiering that optimizes data placement across flash and disk tiers based on access patterns.
  • Device Manager - Storage Navigator: Web-based management interface for configuration, monitoring, and administration of all VSP features including encryption and key management.

Benefits of CryptoHub integration through KMIP

Integrating with CryptoHub provides the following benefits:
  • Enhanced security: CryptoHub provides FIPS 140-2 Level 3 validated hardware security for Hitachi VSP encryption keys, ensuring that Key Encryption Keys (KEKs) and data encryption keys are protected by a certified hardware security module.
  • Centralized key management: A single CryptoHub deployment can manage encryption keys for multiple VSP storage systems as well as other KMIP-integrated applications, simplifying administration across the data center.
  • Regulatory compliance: Storing encryption keys in a FIPS 140-2 Level 3 validated HSM helps organizations meet compliance requirements for PCI DSS, HIPAA, GDPR, and other regulatory frameworks.
  • Operational resilience: CryptoHub’s built-in high availability and failover capabilities ensure uninterrupted access to encryption keys, which is critical when the VSP is configured to protect the KEK on the key management server.
  • Key lifecycle management: CryptoHub provides comprehensive key lifecycle management including generation, rotation, backup, and destruction, complementing the VSP’s built-in key backup and regular backup scheduling features.