Terminology


Account

Your DPoD platform account has a specific tenant role. Tenant roles provide users different levels of access to data and services. The platform has the following tenant roles:

  • Service Provider Admin/Administrator
  • Tenant Admin/Administrator
  • Application Owner

Application Owner

A restricted evaluation/subscriber tenant role that can provision and use services.

Application

Often the entity using a service instance will be a piece of software; however, this does not need to be the case. For the purposes of the OSB API specification, the term "application" is used to represent all entities that might make use of, and be bound to, a service instance.

For example, in the case of the Luna Cloud HSM Service, the Luna Cloud HSM Service Client is the application.

Client

A client is a computer hardware device or software that accesses a service made available by a server. The server is often (but not always) located on a separate physical computer.

Client Connection

A single instance of a Luna Cloud HSM Service Client connected to a service. Services may support multiple client connections depending on the use case.

Credentials

User credentials or DPoD API platform or service credentials used for accessing and managing a tenant or a tenant's services.

  • Platform Credentials - allow the user to manage tenants, users and reports
  • Service Credentials - allow the user to view the service details and create and delete clients

Cryptographic Resources

Blanket term for the collection of cryptographic services available through the platform or marketplace, or for the cryptographic keys and certificates stored on an HSM partition.

DPoD

Thales platform and marketplace offering.

Evaluation or Subscriber Tenant

A DPoD platform instance with its own unique hostname. Tenant type where users can manage, distribute and access services.

  • Parent Tenant - A DPoD tenant which your current tenant resides under in the tenant hierarchy. Thales service providers, or private service providers are typical parent tenants.
  • Child Tenant - A DPoD tenant which resides under your current tenant in the tenant hierarchy. Evaluation/subscriber tenants or sub-service provider tenants are typical child tenants.

Entitlement ID

The entitlement ID (EID) is the authorization with which the acquired license can be activated online.

External Marketplace

A non-DPoD marketplace where a user can provision Thales services.

Thales service availability on external marketplaces is limited at this time. Currently, only the Thales Key Broker for Google Cloud EKM service is available from the Google Cloud marketplace. Eventually Luna Cloud HSM Services, CipherTrust Key Management, and payShield Cloud services may be available from external marketplaces.

FIPS

Federal Information Processing Standards (FIPS) refers to a limited set of cryptographic algorithms that adhere to the standards and requirements of NIST. Luna Cloud HSM Services can be configured in FIPS and non-FIPS modes.

Hardware Security Module

Hardware Security Modules (HSMs) are dedicated systems that physically and logically secure cryptographic keys and perform cryptographic processing. The purpose of an HSM is to protect sensitive data from being stolen by providing a highly secure operation structure. HSMs are fully contained and complete solutions for cryptographic processing, key generation, and key storage.

Hostname

The tenant hostname portion of the FQDN in the service provider tenant or evaluation/subscriber tenant URL. If you access your tenant at https://thales-dpod.na.market.dpondemand.io, your tenant domain/hostname is thales-dpod.

Identity Provider

An Identity Provider (IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. An IDP is a trusted provider that lets you use Single Sign-On (SSO) to access other websites, i.e., external marketplaces.

Key Broker

A service that acts as an intermediary between a user and a key store.

Keys

Refer to keys based on context and/or service use case.

  • Service keys - keys created on/using the service
  • Public/private key - example key based on service use case

HSM on Demand

A database hosted HSM that a user can access remotely over the internet.

Luna Cloud HSM Service

Service that provides users with remote access to an HSM partition.

Luna Cloud HSM Service Client

A variation on the Luna Universal Client. A software package configured to connect to a Luna Cloud HSM Service. The Luna Cloud HSM Service Client is the service binding on the application.

Marketplace

An online platform which initiates, facilitates, coordinates and concludes buying and selling of services between service seekers and service providers. A marketplace plays a direct role in the transaction itself, from managing payments to ensuring that the product or service is delivered.

Mount

Make a file or group of files in a file system structure accessible to a user, user group, or application.

Multi-tenant

A type of architecture where a single instance of software runs on a server and serves multiple customers. In a multi-tenant environment, separate customers tap into the same hardware and data storage, creating a dedicated instance for each customer.

Operator

The Thales operator. Top-level administrator of the platform for all tenants and services.

Partition

A secure memory area, or 'Virtual HSM', within a physical HSM. The partition is accessed by the Luna Client application to perform cryptographic operations.

Platform

The software that will manage the cloud environment into which applications are provisioned and service brokers are registered. Users do not directly provision services from service brokers; they have the platform manage the services and interact with the service brokers on the user's behalf.

Users can access the DPoD platform through a UI or API.

Provisioning

The act of reserving a resource on a service. A reserved resource is called a service instance.

Region

Geographic location of tenant and service database.

Secret set

The authentication credentials used by the Luna Cloud HSM Service Client to securely connect to the HSM back end. The secret set credentials are identified by the AuthTokenConfigURI, AuthTokenClientId, and the AuthTokenClientSecret values inside of the crystoki.ini (Windows) or the Chrystoki.conf (Linux) files.

Service

Managed software offering that can be used by an application. Services typically expose some API that can be invoked to perform some action. There can also be non-interactive services that can perform the desired actions without direct prompting from the application.

Service Binding

The request to use a service instance. As part of this request, there might be a reference to the entity, also known as the application, that will use the service instance. Service bindings will often contain the credentials that can then be used to communicate with the service instance. What a service binding contains will often vary by service. In general, creation of a service binding either generates credentials necessary for accessing the resource, or provides the service instance with information for a configuration change.

Service Broker

Service brokers manage the life cycles of services. Platforms interact with service brokers to provision and manage service instances and service bindings. The service broker is the component of the service that implements the service broker API, for which a platform is the client. Service brokers advertise a catalog of service offerings and service plans on the platform. Service brokers act on requests from the platform for provisioning, de-provisioning, binding and unbinding.

Service Categories

The service collections offered by the DPoD marketplace. Service categories include Luna Cloud HSM Services and CipherTrust Key Management Services.

Service Elections

The number of services that the subscriber tenant has committed to using with the platform provider. Tenant administrators and application owners can provision services that are not identified in a service elections form and the subscriber tenant is charged for those services.

Service Instance

An instantiation of a service offering and service plan. A reserved portion of a service. What a service instance represents can vary by service. Examples include a single database on a multi-tenant server, a dedicated cluster, or an account on a web application.

Service Offering

The advertisement of a service that a service broker supports. The DPoD service offering is the list of available services in a tenant.

Service Plan

The representation of the costs and benefits for a given variant of the service offering, potentially as a tier.

Service Provider Tenant

A DPoD platform instance with its own unique hostname. Tenant type where users can manage evaluation/subscriber tenants and users, and distribute services.

  • Parent Tenant - A DPoD tenant which your current tenant resides under in the tenant hierarchy. Thales service providers, or private service providers are typical parent tenants.
  • Child Tenant - A DPoD tenant which resides under your current tenant in the tenant hierarchy. Evaluation/subscriber tenants or sub-service provider tenants are typical child tenants.

Service Provider Admin/Administrator

A service provider tenant role that manages a service provider tenant, and distributes services through evaluation/subscriber tenants.

  • Primary Administrator - the administrator account registered on tenant creation.
  • Secondary Administrator - an administrator account created by the primary to assist with tenant management.

Service Quota

The maximum number of Luna Cloud HSM Services that can be created in the evaluation/subscriber tenant. The Luna Cloud HSM Service quota applies to the Luna Cloud HSM Services category only; other services are not affected.

Service Type

The unique identifier for the specific service within a service category.

Subscriber Group

A group of evaluation/subscriber tenant users with common access to a set of service instances.

Tenant Admin/Administrator

An evaluation/subscriber tenant role that manages an evaluation/subscriber tenant, and manages, distributes, provisions, and uses marketplace services.

Tenant Portal/Instance/GUI

The GUI that the user logs in to in order to administer users or services in their tenant.

Tenant Restricted Marketplace

A DPoD tenant which has a limited subset of available services that the administrator has chosen to make available.