Home > Data Protection > PowerProtect DD Series Appliances > White Papers > PowerProtect DD Series Appliances: Encryption Software > KMIP-compliant external key managers: KeySecure and Data Security Manager
DD series appliances support a KMIP-compliant key manager: KeySecure v8.5, v8.9, v8.10 and v8.12.1; NextGen v1.9.1 and v.10 from SafeNet or Gemalto; or Data Security Manager (DSM) 6.3 from Thales/Vormetric. To use a KMIP key manager, users must configure both the key manager and the protection system or DDVE to trust each other. A protection system retrieves these keys and their states from the key manager after establishing a secure TLS connection.
You can encrypt file-system data (active tier only) by configuring KeySecure, NextGen, or DSM as the key manager. You may manage keys from DD series appliances and configure a key-rotation policy for weekly or monthly automatic key rotation. You cannot enable external key managers (which include KeySecure, NextGen, and DSM) on systems that have encryption enabled on one or more cloud units, similar to Key Secure.
See the document KMIP Integration Guide for DD OS for more information about how to create keys and use them on a protection system.