Centrally manage your organization's encryption keys



Thales Vormetric Data Security Manager (DSM) is the centrepiece of the Thales product line. The DSM centralizes the provision and management of security keys to help your organization in the long run. Maximum uptime of the DSM is paired with its capabilities to store and manage a range of encryption keys, from Thales e-Security to IBM Guardium Data Encryption products.


  • Unified, Simplified Management

    The Data Security Manager (DSM) enables centralized management of data security policies and key management, simplifying training, deployment and operations

  • Flexible Form Factors

    The DSM is available in different form factors and FIPS 140-2 levels. Deploy virtual appliances on-premises, in private and public clouds or select high-assurance hardware with the data security management tool

  • Centralize Key and Policy Management

    Provision and manage keys for all Thales e-Security products, and manage keys and certificates for third-party devices


  • Flexible Deployment Form Factors

    The Data Security Manager (DSM) is offered as a FIPS 140-2 Level 1 virtual appliance, as well as two hardware appliances: The V6000, which is FIPS 140-2 Level 2 certified, and the V6100, which is FIPS 140-2 Level 3 certified. The data security management platform is also available on the Amazon Web Services (AWS) Marketplace and the Microsoft Azure Marketplace

  • Unified Management and Administration

    The DSM provides central management and secure storage of encryption keys, including those generated by Thales e-Security products, KMIP-compliant devices, Microsoft SQL Server TDE, Oracle TDE and IBM Guardium Data Encryption. Its intuitive Web-based console, CLI, or APIs are used for managing encryption keys and policies

  • Maximum Security and Reliability

    To maximize uptime and security, the DSM features redundant components and the ability to cluster appliances for fault tolerance and high availability. Strong separation-of-duties policies can be enforced to ensure that one administrator does not have complete control over data security activities, encryption keys or administration. In addition, the DSM supports two-factor authentication for administrative access as well as nShield Remote Administration with smart card access in the V6100


  • Administrative interfaces: Secure Web, CLI, SOAP, REST

    API support: PKCS #11, Microsoft Extensible Key Management (EKM), SOAP, REST

  • Security authentication: Username/password, RSA two-factor authentication (optional)

    Backup: Manual and scheduled secure backups. M of N key restoration

  • Network management: SNMP, NTP, Syslog-TCP

    Certifications: FIPS 140-2 Level 1, FIPS 140-2 Level 2, FIPS 140-2 Level 3, Common Criteria (ESM PP PM V2.1)