Your DPoD platform account has a specific tenant role. Tenant roles provide users different levels of access to data and services. The platform has the following tenant roles:
- Service Provider Admin/Administrator
- Tenant Admin/Administrator
- Application Owner
A restricted subscriber tenant role that can provision and use services.
Often the entity using a service instance will be a piece of software, however, this does not need to be the case. For the purposes of the OSB API specification, the term "application" is used to represent all entities that might make use of, and be bound to, a service instance.
For example, in the case of the Luna Cloud HSM Service, the Luna Cloud HSM Service Client is the application.
A client is a computer hardware device or software that accesses a service made available by a server. The server is often (but not always) located on a separate physical computer.
A single instance of a Luna Cloud HSM Service Client connected to a service. Services may support multiple client connections depending on the use case.
User credentials or DPoD API platform or service credentials used for accessing and managing a tenant or a tenants services.
- Platform Credentials - allows the user to manage tenants, users and reports
- Service Credentials - allows the user to view the service details and create and delete clients
Blanket term for collection of cryptographic services available through the platform or marketplace or for the cryptographic keys and certificates stored on an HSM partition.
Thales platform and marketplace offering.
A DPoD platform instance with its own unique hostname. Tenant type where users can manage, distribute and access services.
- Parent Tenant - A DPoD tenant which your current tenant resides under in the tenant hierarchy. Thales service provider tenants, or private service providers are typical parent tenants.
- Child Tenant - A DPoD tenant which resides under your current tenant in the tenant hierarchy. Subscriber Tenants or sub-Service Provider Tenants are typical child tenants.
The entitlement ID (EID) is the authorization with which the acquired license can be activated online.
A non-DPoD marketplace where a user can provision Thales services.
Thales service availability on external marketplaces is limited at this time. Currently, only the Thales Key Broker for Google Cloud EKM service is available from the Google Cloud marketplace. Eventually Luna Cloud HSM Services, CipherTrust Key Management, and payShield Cloud services may be available from external marketplaces.
Federal Information Processing Standards (FIPS) refers to a limited set of cryptographic algorithms that adhere to the standards and requirements of the NIST. Luna Cloud HSM Services can be configured in FIPS and non-FIPS modes.
Hardware Security Module
Hardware Security Modules (HSMs) are dedicated systems that physically and logically secure cryptographic keys and perform cryptographic processing. The purpose of an HSM is to protect sensitive data from being stolen by providing a highly secure operation structure. HSMs are fully contained and complete solutions for cryptographic processing, key generation, and key storage.
The tenant hostname portion of the FQDN in the service provider tenant or subscriber tenant URL. If you access your tenant at https://thales-dpod.na.market.dpondemand.io, your tenant domain/hostname is
An Identity Provider (IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. A trusted provider that lets you use Single Sign-On (SSO) to access other websites, i.e external marketplaces.
A service that acts as an intermediary between a user and a key store.
Refer to keys based on context and/or service use case.
- Service keys - keys created on/using the service
- Public/private key - example key based on service use case
Luna Cloud HSM
A database hosted HSM that a user can access remotely over the internet.
Luna Cloud HSM Service
Service that provides users with remote access to an HSM partition.
Luna Cloud HSM Service Client
A variation on the Luna Universal Client. A software package configured to connect to a Luna Cloud HSM Service. The Luna Cloud HSM Service Client is the service binding on the application.
An online platform which initiates, facilitates, coordinates and concludes buying and selling of services between service seekers and service providers. A marketplace plays a direct role in the transaction itself, from managing payments to ensuring that the product or service is delivered.
Make a file or group of files in a file system structure accessible to a user, user group, or application.
A type of architecture where a single instance of software runs on a server and serves multiple customers. In a multi-tenant environment, separate customers tap into the same hardware and data storage, creating a dedicated instance for each customer.
The Thales operator. Top-level administrator of the platform for all tenants and services.
A secure memory area, or 'Virtual HSM', within a physical HSM. The partition is accessed by the Luna Client application to perform cryptographic operations.
The software that will manage the cloud environment into which applications are provisioned and service brokers are registered. Users do not directly provision services from service brokers, they have the platform manage the services and interact with the service brokers on the users behalf.
Users can access the DPoD platform through a UI or API.
The act of reserving a resource on a service. A reserved resource is called a service instance.
Geographic location of tenant and service database.
The authentication credentials used by the Luna Cloud HSM Service Client to securely connect to the HSM back end. The secret set credentials are identified by the AuthTokenConfigURI, AuthTokenClientId, and the AuthTokenClientSecret values inside of the crystoki.ini (Windows) or the Chrystoki.conf (Linux) files.
Managed software offering that can be used by an application. Services typically expose some API that can be invoked to perform some action. There can also be non-interactive services that can perform the desired actions without direct prompting from the application.
The request to use a service instance. As part of this request, there might be a reference to the entity, also known as the application, that will use the service instance. Service bindings will often contain the credentials that can then be used to communicate with the service instance. What a service binding contains will often vary by service. In general, creation of a service binding either generates credentials necessary for accessing the resource, or provides the service instance with information for a configuration change.
Service brokers manage the life cycles of services. Platforms interact with service brokers to provision and manage service instances and service bindings. The service broker is the component of the service that implements the service broker API, for which a platform is the client. Service brokers advertise a catalog of service offerings and service plans on the platform. Service brokers act on requests from the platform for provisioning, de-provisioning, binding and unbinding.
The service collections offered by the DPoD marketplace. Service categories include Luna Cloud HSM Services and CipherTrust Key Management Services.
The number of services that the subscriber tenant has committed to using with the platform provider. Tenant administrators and application owners can provision services that are not identified in a service elections form and the subscriber tenant is charged for those services.
An instantiation of a service offering and service plan. A reserved portion of a service. What a service instance represents can vary by service. Examples include a single database on a multi-tenant server, a dedicated cluster, or an account on a web application.
The advertisement of a service that a service broker supports. The DPoD service offering is the list of available services in a tenant.
The representation of the costs and benefits for a given variant of the service offering, potentially as a tier.
Service Provider Tenant
A DPoD platform instance with its own unique hostname. Tenant type where users can manage subscriber tenants and users, and distribute services.
- Parent Tenant - A DPoD tenant which your current tenant resides under in the tenant hierarchy. Thales service provider tenants, or private service provider tenants are typical parent tenants.
- Child Tenant - A DPoD tenant which resides under your current tenant in the tenant hierarchy. Subscriber Tenants or sub-service provider tenants are typical child tenants.
Service Provider Admin/Administrator
A service provider tenant role that manages a service provider tenant, and distributes services through subscriber tenants.
- Primary administrator the administrator account registered on tenant creation.
- Secondary administrator an administrator account created by the primary to assist with tenant management.
The maximum number of Luna Cloud HSM Services that can be created in the subscriber tenant. The Luna Cloud HSM Service quota applies to the Luna Cloud HSM Services category only; other services are not affected.
The unique identifier for the specific service within a service category.
A group of subscriber tenant users with common access to a set of service instances.
A subscriber tenant role that manages a subscriber tenant, and manages, distributes, provisions, and uses marketplace services.
The GUI interface that the user logs in to to administer users or services in their tenant.
Tenant Restricted Marketplace
A DPoD tenant which has a limited subset of available services that the administrator has chosen to make available.