English
    Listing Thumbnail

    Cosmian KMS - Ubuntu 24.04 (AMD SEV-SNP)

     Info
    Sold by: COSMIAN 
    Deployed on AWS
    This Customer Managed Key Management System has charges associated with the use of the software from UAT to Production and also standard support from Cosmian.
    0 AWS reviews

    Overview

    This is a repackaged software wherein additional charges apply for extended support.

    Cosmian kms is a modern, cloud-ready key management system for your encryption keys and certificates, running inside a Cosmian vm - a verifiable and confidential virtual machine.

    This ensures that your KMS remains entirely confidential, at rest and in use, and is verifiable (no hardware of software tampering).

    Cosmian kms delivers unparalleled data security for your organization with an on-the-fly encryption/decryption keys solution, empowering sovereignty, security, and efficiency.

    • Protect your data sovereignty with our independent security solution, eliminating reliance on public cloud providers.

    • Strengthen your security posture by taking charge of sensitive data encryption, including workspace, R&D data, HR information, and electronic communications.

    • Streamline your IT system and server management with automated processes, empowering your system administrators to boost productivity and efficiency in infrastructure management.

    What is in Cosmian kms? Modern lifecycle management for keys and certificates : Cosmian kms offer cutting-edge features for managing encryption keys and certificates throughout their lifecycle.

    • Key storage
    • Key generation
    • Key rotation
    • Key distribution
    • Key usage policies

    Advanced Public Key Infrastructure integration : Integrating seamlessly with external entities, the Cosmian kms facilitates Public Key Infrastructure management beyond the confines of your organization. Whether it's leveraging third-party actors or overseeing key governance, we ensure a streamlined and secure process.

    Embedding standard and modern encryption libraries : Embracing both standard and contemporary cryptographic algorithms, the Cosmian kms boasts an unparalleled breadth of coverage.

    • FIPS 140-3 validated encryption libraries
    • Covercrypt: Post-quantum resistance & access policy
    • Findex: search encryption

    Highlights

    • Advanced Key Management for crypto-agility / Enhanced Data Protection / Zero Trust KMS Strategy / Scalability and Flexibility

    Details

    Sold by
    COSMIAN 
    Categories
    Security 
    Delivery method
    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)
    Latest version
    Operating system
    Ubuntu 24.04
    Deployed on AWS

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases
    View financing details

    Pricing

    Cosmian KMS - Ubuntu 24.04 (AMD SEV-SNP)

     Info
    View purchase options
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    Usage costs (30)

     Info
    Dimension
    Cost/hour
    c6a.xlarge
    Recommended
    $1.52
    c6a.16xlarge
    $24.32
    r6a.8xlarge
    $12.16
    r6a.2xlarge
    $3.04
    c6a.12xlarge
    $18.24
    c6a.24xlarge
    $36.48
    m6a.8xlarge
    $12.16
    r6a.4xlarge
    $6.08
    c6a.metal
    $72.96
    c6a.48xlarge
    $72.96

    Vendor refund policy

    We apply the standard refund policy from AWS which states that refund can be done directly through AWS within the first 48 hours. After that no refund will be taken into account.

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    [5.0.0] - 2025-05-07

    WARNING: This is a breaking change release. Databases created with version 4.x.x are not compatible with version 5.0.0. Please export your keys using standard formats (PKCS#8, PEM, etc.) and re-import them after upgrading.

    -Features : -Support for KMIP 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.1 -Binary TTLV for all KMIP versions on port 5696 -JSON TTLV for all KMIP versions on port 9998, endpoint /kmip -VMware support -Possible automatic key wrapping on Create and Import -Better telemetry using OTLP and logs to syslog -Run KMS server with privileged users: -These users can grant or revoke create access rights for other users -Without Create access right or privileged status, users can't create or import objects to KMS

    -Refactor : -Rationalize SQL implementation -Rust KeyBlock implementation not fully compliant with KMIP 2.1 specs

    • Bug Fixes : -Multiple fixes in KMIP 2.1 TTLV formats

    • Miscellaneous Tasks: -More extensive coverage of KMIP attributes -Database schema changes

    Additional details

    Usage instructions

    WARNING : The region east-us1 must not be used to deploy Cosmian products ! It is only present due to an AWS testing constraint but this region does not allow the deployment of confidential VM for the moment.

    Make sure to enable the configuration related to AMD SEV-SNP option located in the advanced details tab within the marketplace deployment page.

    As the Cosmian KMS is deployed on top of a Cosmian Verifiable VM, cosmian_vm_agent starts for the first time, it initializes several components:

    1. It generates a self-signed certificate and sets the CommonName of the certificate to the value of the machine hostname.
    2. It generates a LUKS container (/var/lib/cosmian_vm/container) and mounts it at /var/lib/cosmian_vm/data. Note that /var/lib/cosmian_vm/tmp is a tmpfs. It is encrypted but it should contain only volatile data since it is erased at each VM reboot. Data in this directory is encrypted due to the fact that the RAM is encrypted.
    3. It generates the TPM endorsement keys.

    It is recommended to configure 1. and 2. on your own for production systems.

    The certificate can be changed at will:

    • Edit your DNS register to point to that VM.
    • Create a trusted certificate using the method of your choice (e.g., Let's Encrypt) or use cosmian_certtool.
    • Edit the cosmian_vm_agent configuration file to point to the location of the TLS certificate and private key.

    The LUKS container can be regenerated using cosmian_fstool with your own size and password (to store by yourself in a secure location). It is recommended to use an additional backup disk to store the container. You can skip all these first startup steps by setting COSMIAN_VM_PREINIT=0 when starting cosmian_vm_agent.

    Once the image is instantiated (on GCP, Azure, or AWS), the <code>cosmian_vm_agent</code> automatically starts as a systemd service when the VM boots.

    You can now install any packages or applications you want on the VM.

    Your VM is now set and ready.

    Finally, please follow the deployment process to configure your KMS properly: https://docs.cosmian.com/deployment/cosmian_vm_kms/ 

    Support

    Vendor support

    Get support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Get support

    Similar products

    Cosmian KMS - RHEL 9 (AMD SEV-SNP)
    By COSMIAN
    This Customer Managed Key Management System has charges associated with the use of the software from UAT to Production and also standard support from Cosmian.
    View product
    Cosmian Verifiable VM - Ubuntu 24.04 (AMD SEV-SNP)
    By COSMIAN
    This Cosmian Verifiable VM has charges associated with the use of the software from UAT to Production and also standard support from Cosmian.
    View product
    Cosmian Confidential AI - RHEL 9 (AMD SEV-SNP)
    By COSMIAN
    This Cosmian Confidential AI has charges associated with the use of the software from UAT to Production and also standard support from Cosmian.
    View product
    Cosmian Verifiable VM - RHEL 9 (AMD SEV-SNP)
    By COSMIAN
    This Cosmian Verifiable VM has charges associated with the use of the software from UAT to Production and also standard support from Cosmian.
    View product

    Customer reviews

    Write a review

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 AWS reviews
    No customer reviews yet
    Be the first to write a review for this product.