Plan Description
Thales Data Protection on Demand offers a one-stop data protection service platform, with a menu of security applications ranging from securing your keys to digital signing, and ensuring your root of trust. Click and deploy security services, provision users, add devices, and generate usage reports in minutes.
This document describes the services available through the Data Protection on Demand platform, accessible through either the Thales marketplace or other ecommerce marketplaces.
Luna Cloud HSM Services
Note
Luna Cloud HSM Services were formerly known as HSM on Demand (HSMoD) services.
See Client Supported Platforms for more information about the client operating systems and cryptographic APIs supported by the Luna Cloud HSM Service, and about the cryptographic limitations of PKCS#11 deployments.
Luna Cloud HSM
Set up and access a Cloud HSM service for your organization’s cryptographic operations.
This service provides access to Luna Cloud HSM Service partitions with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for CyberArk
Secure CyberArk Privileged Access Security Solution's top-level encryption key in an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Digital Signing
Digitally sign software and firmware packages or electronic documents so that recipients can verify the integrity of the content and the authenticity of the sender.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Hyperledger
Bring trust to blockchain transactions by performing the cryptographic operations the distributed system requires inside an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Java Code Signer
Generate and protect the private keys associated with your Java Code Signer application in an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Microsoft ADCS
Secure the keys of your Microsoft Root Certificate Authority (CA) in an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Microsoft Authenticode
Generate and secure the keys for your Microsoft Authenticode certificates on an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Microsoft SQL Server
Off-load Microsoft SQL Server cryptographic operations to an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for PKI Private Key Protection
Secure the private keys belonging to the Certificate Authorities responsible for establishing your PKI trust hierarchy.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Oracle TDE
Ensure that Oracle TDE encryption keys are protected by a master key that resides within the HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna HSM Backup
Backup and restore for your organization's on-premises Luna HSMs.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 5 cloning operations per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
- On-premises Luna HSM; see the user guide for supported devices
Luna Cloud HSM with Key Export
Set up and access a Cloud HSM service, with private key export capability, for your organization’s cryptographic operations.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 5 cloning operations per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Key Export: All keys/objects, including private keys, can be wrapped off the HSM
- Audit Logging: Enabled
Luna Cloud HSM for DKE
Thales Luna HSMs combined with Double Key Encryption (DKE) for Microsoft 365 enable organizations to protect their most sensitive data while maintaining full control of their encryption keys. The solution uses two keys to protect data. One key is in the customer's control in a FIPS 140-2 Level 3 validated Luna HSM, and a second key is stored securely in Microsoft Azure. Both keys are required to access protected data, ensuring that Microsoft and other third parties never have access to the protected data on their own. This enhanced data protection capability enables organizations to benefit from the full power of Microsoft 365 collaboration and productivity tools while protecting sensitive data and meeting data privacy regulations and requirements.
The service includes a Luna Cloud HSM Service and the Luna Key Broker for Microsoft DKE software package. Use the service to create a Microsoft DKE endpoint by running the included container and connecting the Luna Cloud HSM for secure storage of DKE cryptographic keys.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Storage: up to 100 objects or 156 KB (e.g. fifty 4096-bit RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Audit Logging: Enabled
Requirements:
- Compatible container environment (e.g. Docker or Kubernetes)
- Client network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
- System and licensing requirements for DKE, as explained in the Microsoft DKE Documentation
CipherTrust Key Management Services
Note
CipherTrust Key Management services were formerly known as Key Management on Demand services.
Key Broker for Salesforce
Create tenant secrets for Salesforce and manage your keys and security policies in concert with Salesforce Shield across their lifecycle.
The Key Broker for Salesforce Service provides the following key management capabilities:
- Manage all tenant secrets within a single Salesforce Organization
- Generate new Salesforce tenant secrets using an HSM
- Revoke and destroy a Salesforce tenant secret from Salesforce Shield
- Re-import Salesforce tenant secrets from the Key Broker to Salesforce Shield
Requirements:
- A valid Salesforce account with the permissions required for managing keys and API access (API Enabled, Manage Encryption Keys, and Modify All Data)
- Salesforce Shield Platform Encryption enabled on your Salesforce instance
- An internet connection. DPoD communicates over HTTPS, so communication with DPoD requires outbound access to port 443 and to DNS services.
Key Broker for Google Cloud EKM
Provides security and key management best practices, while leveraging the power of Google Cloud for compute and analytics.
The Key Broker for Google EKM Service provides the following key management capabilities:
- Generate master and working keys for Google BigQuery and Compute with EKM.
Requirements:
- An active Google Cloud Platform account, with External Key Management enabled from the cloud console
- An internet connection. DPoD communicates over HTTPS, so communication with DPoD requires outbound access to port 443 and to DNS services.
CipherTrust Data Security Platform as-a-Service
CipherTrust Data Security Platform as-a-Service (CDSPaaS), available through the DPoD Marketplace, allows subscribers to deploy CipherTrust key management and data protection services from the cloud.
payShield Cloud Services
Point-to-Point Encryption
Note
The Point-to-Point Encryption service is currently available as a free Technology Preview. The P2PE service will be a chargeable service in the future. Please subscribe to the DPoD Changelog for the latest updates to DPoD Platform and services.
Provides point-to-point encryption, decryption, key management, and key distribution services.
Set up and access a Payment HSM decryption service for your organization's point-to-point payment transaction cryptographic operations. This service provides access to a Luna Cloud HSM Service via a container, which exposes a REST API.
The Point-to-Point Encryption service has the following attributes:
- Containers: up to 5 per service
- Storage: up to 100 key objects (e.g. 100 BDKs, or 50 KEKs and 50 BDKs)
- Performance: up to 100 payment decryption operations per second
- Key Generation: no more than 1 key generation per second
- REST API interface to the container: See the P2PE REST API for more information
- Supported Mechanisms: See the P2PE CLI for more information
- Audit Logging: Enabled
Requirements:
- Compatible container environment (e.g. Docker or Kubernetes)
- Client network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL