Plan Description
Thales Data Protection on Demand offers a one-stop data protection service platform, with a menu of security applications ranging from securing your keys to digital signing, and ensuring your root of trust. Click and deploy security services, provision users, add devices, and generate usage reports in minutes.
This document describes the services available through the Data Protection on Demand platform, accessible through either the Thales marketplace or other ecommerce marketplaces.
Luna Cloud HSM Services
Note
Luna Cloud HSM Services were formerly known as HSM on Demand or HSMoD services.
See Client Supported Platforms for more information about the Luna Cloud HSM Service client supported operating systems, supported cryptographic APIs, and PKCS#11 deployment cryptographic limitations.
Luna Cloud HSM
Set up and access a Cloud HSM service for your organization’s cryptographic operations.
This service provides access to Luna Cloud HSM Service partitions with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for CyberArk
Secure CyberArk Privileged Access Security Solution's top-level encryption key in an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Digital Signing
Digitally sign software and firmware packages or electronic documents to ensure the integrity of the sender.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Hyperledger
Bring trust to blockchain transactions to perform the required cryptographic operations across the distributed system.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Java Code Signer
Generate and protect the private keys associated with your Java Code Signer application in an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Microsoft ADCS
Secure the keys of your Microsoft Root Certificate Authority (CA) in an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Microsoft Authenticode
Generate and secure your Microsoft Authenticode certificates on an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Microsoft SQL Server
Off-load Microsoft SQL Server cryptographic operations to an HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for PKI Private Key Protection
Secure private keys belonging to Certificate Authorities responsible for establishing PKI trust hierarchy.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna Cloud HSM for Oracle TDE
Ensure that Oracle TDE encryption keys are protected by a master key that resides within the HSM.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
Luna HSM Backup
Backup and restore for your organization's on-premises Luna HSMs.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 5 cloning operations per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Audit Logging: Enabled
Requirements:
- Compatible client operating system as described in the user guide
- Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
- On-premises Luna HSM, see user guide for supported devices
Luna Cloud HSM with Key Export
Set up and access a Cloud HSM service, with private key export capability, for your organization’s cryptographic operations.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Clients: up to 5 per service
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 5 cloning operations per second
- Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
- Supported Mechanisms: see the Supported Mechanisms List
- Modes: FIPS, non-FIPS (User Selectable)
- Key Export: All keys/objects, including private keys, can be wrapped off the HSM
- Audit Logging: Enabled
Luna Cloud HSM for DKE
Thales Luna HSMs and Double Key Encryption (DKE) for Microsoft 365 enable organizations to protect their most sensitive data while maintaining full control of their encryption keys. The solution uses two keys to protect data. One key is in the customer's control in a FIPS 140-2 Level 3 validated Luna HSM and a second key is stored securely in Microsoft Azure. Both keys are required to access protected data, ensuring that Microsoft and other third parties never have access to the protected data on their own. This enhanced data protection capability enables organizations to benefit from the full power of Microsoft 365 collaboration and productivity tools while protecting sensitive data and meeting data privacy regulations and requirements.
The service includes a Luna Cloud HSM Service and the Luna Key Broker for Microsoft DKE software package. Use the service to create a Microsoft DKE endpoint by running the included container and connecting the Luna Cloud HSM for secure storage of DKE cryptographic keys.
This service provides access to a Luna Cloud HSM Service with the following attributes:
- Storage: up to 100 objects or 156kb (ex. fifty 4096 RSA asymmetric key pairs)
- Performance: up to 100 operations per second
- Key Generation: no more than 1 key generation per second
- Audit Logging: Enabled
Requirements:
- Compatible container environment (ex. Docker or Kubernetes)
- Client Network Connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL
- System and licensing requirements for DKE, as explained in the Microsoft DKE Documentation
CipherTrust Key Management Services
CipherTrust Data Security Platform as-a-Service
CipherTrust Data Security Platform as-a-Service (CDSPaaS), available through the DPoD Marketplace, allows subscribers to deploy best-in-class CipherTrust key management and data protection services from the cloud.
payShield Cloud Services
Point-to-Point Encryption
Note
The Point-to-Point Encryption service is currently available as a free Technology Preview. The P2PE service will be a chargeable service in the future. Please subscribe to the DPoD Changelog for the latest updates to DPoD Platform and services.
Provides point-to-point encryption, decryption, key management, and key distribution services.
Set up and access a Payment HSM decryption service, for your organization's point-to-point payment transaction cryptographic operations. This service provides access to a Luna Cloud HSM Service via a Container, which exposes a REST API.
The Point-to-Point Encryption service has the following attributes:
- Containers: up to 5 per service
- Storage: up to 100 key objects (ex. 100 BDKs, or 50 KEKs and 50 BDKs)
- Performance: up to 100 payment decryption operations per second
- Key Generation: no more than 1 key generation per second
- REST API interface to the container: See the P2PE REST API for more information
- Supported Mechanisms: See the P2PE CLI for more information
- Audit Logging: Enabled
Requirements:
- Compatible container environment (ex. Docker or Kubernetes)
- Client Network Connectivity over port 443 to the HSM datacenter in your selected region and your tenant's provisioning platform URL