Service Description

Thales Data Protection on Demand offers a one-stop data protection service platform, with a menu of security applications ranging from securing your keys to digital signing, and ensuring your root of trust. Click and deploy security services, provision users, add devices, and generate usage reports in minutes.

This document describes the services available through the Data Protection on Demand platform, accessible through either the Thales marketplace or other ecommerce marketplaces.

Luna Cloud HSM Services

Luna Cloud HSM Services were formerly known as HSM on Demand or HSMoD services.

HSM on Demand

Set up and access an HSM on Demand service for your organization's cryptographic operations.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSM on Demand for CyberArk

Secure CyberArk Privileged Access Security Solution's top-level encryption key in an HSM.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSM on Demand for Digital Signing

Digitally sign software and firmware packages or electronic documents to ensure the integrity of the sender.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSM on Demand for Hyperledger

Bring trust to blockchain transactions and perform the required crypto operations across the distributed system.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSM on Demand for Java Code Signer

Sign Java artifacts using an encryption key generated on an HSM.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSM on Demand for Microsoft ADCS

Secure your Microsoft Root Certificate Authority (CA) signing keys in an HSM.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSM on Demand for Microsoft Authenticode

Generate and secure your Microsoft Authenticode certificates on an HSM on Demand service.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSM on Demand for Microsoft SQL Server

Off-load Microsoft SQL Server crypto operations to an HSM on Demand service to improve performance and security.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSM on Demand for Private Key Protection

Secure private keys belonging to Certificate Authorities responsible for establishing a PKI trust hierarchy.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

HSMoD for Oracle TDE

Ensure that Oracle TDE data encryption keys are protected by a master key that resides within the HSM.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

Luna HSM Backup

Backup and restore for your organization's on-premises Luna HSMs.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 100 operations per second
  • Key Generation: no more than 1 key generation per second
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Private Key Cloning: Enabled (cloning private keys to and from a Luna Network HSM)

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL
  • On-premises Luna HSM, see user guide for supported devices

HSM on Demand with Key Export

Set up and access an HSM on Demand service, with private key export, for your organization's cryptographic operations.

This service provides access to a Luna Cloud HSM Service with the following attributes:

  • Clients: up to 5 per service
  • Storage: up to 100 objects (e.g. 50 asymmetric key pairs or 100 symmetric keys)
  • Performance: up to 5 cloning operations per second
  • Key Generation: not supported
  • Cryptographic APIs: PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • Supported Mechanisms: see the Supported Mechanisms List
  • Modes: FIPS, non-FIPS (User Selectable)
  • Key Export: All keys/objects, including private keys, can be wrapped off the HSM

Requirements:

  • Compatible client operating system as described in the user guide
  • Network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL

CipherTrust Key Management Services

CipherTrust Key Management Services were formerly known as Key Management on Demand services.

Salesforce Key Broker

Create tenant secrets for Salesforce and manage your keys and security policies in concert with Salesforce Shield across their lifecycle.

The Salesforce Key Broker Service provides the following key management capabilities:

  • Management of all tenant secrets within a single Salesforce Organization
  • Generate new Salesforce tenant secrets using an HSM
  • Revoke and destroy a Salesforce tenant secret from Salesforce Shield
  • Re-import Salesforce tenant secrets from the Key Broker to Salesforce Shield

Requirements:

  • A valid Salesforce account with appropriate permissions for managing keys and API access (API Enabled, Manage Encryption Keys, and Modify All Data).
  • Salesforce Shield Platform Encryption enabled on your Salesforce instance
  • An internet connection. DPoD communicates over HTTPS; as a result, communications with DPoD require access to outgoing port 443 and DNS services.

Key Broker for Azure

Generate and import keys into Microsoft Azure Key Vault to enhance data protection and compliance.

The Key Broker for Azure Service provides the following key management capabilities:

  • Generate key using an HSM and import to Azure Key Vault

Requirements:

  • To use the Key Broker for Azure service, you will need an active Microsoft "organizational account" (an account that is associated with an Azure Active Directory, in short "AAD") with the following permissions:
    • access to your Microsoft Azure subscription (at minimum with a "Contributor" role)
    • access to Azure Managed Applications
    • ability to create/manage Azure Key Vaults
    • ability to create/manage keys inside Key Vaults
  • An internet connection. DPoD communicates over HTTPS; as a result, communications with DPoD require access to outgoing port 443 and DNS services.

Key Broker for Google Cloud EKM

Generate, manage, and use encryption keys via a unique key URL and establish strong control and access policies to enhance data protection and compliance.

The Key Broker for Google EKM Service provides the following key management capabilities:

  • Generate master and working keys for Google BigQuery and Compute with EKM.

Requirements:

  • To use the Key Broker for Google EKM service, you will need an active Google Cloud Platform account and will need to enable External Key Management from the cloud console.
  • An internet connection. DPoD communicates over HTTPS; as a result, communications with DPoD require access to outgoing port 443 and DNS services.

payShield Cloud Services

Point-to-Point Encryption

The Point-to-Point Encryption service is currently available as a free Technology Preview. The P2PE service will be a chargeable service in the future. Please subscribe to the DPoD Changelog for the latest updates to the DPoD platform and services.

Provides Point-to-Point encryption, decryption, key management, and key distribution services.

Set up and access a Payment HSM decryption service, for your organization's point-to-point payment transaction cryptographic operations. This service provides access to a Luna Cloud HSM Service via a Container, which exposes a REST API.

The Point-to-Point Encryption service has the following attributes:

  • Containers: up to 5 per service
  • Storage: up to 100 key objects (e.g. 100 BDKs, or 50 KEKs and 50 BDKs)
  • Performance: up to 100 payment decryption operations per second
  • Key Generation: no more than 1 key generation per second
  • REST API interface to the container: see the P2PE REST API for more information
  • Supported Mechanisms: see the P2PE CLI for more information

Requirements:

  • Compatible container environment (e.g. Docker or Kubernetes)
  • Client network connectivity over port 443 to the HSM datacenter in your selected region and your tenant’s provisioning platform URL