Luna Cloud HSM Services
Luna Cloud HSM Services were formerly known as HSM on Demand or
Luna Cloud HSM Services are a collection of service tiles that provide a user with software access to a Hardware Security Module (HSM) over the internet, with specific subscription options based on the encryption use case. Luna Cloud HSM Services can be used for the following cryptographic operations:
- Key wrapping
- Key storage
- Code signing
Users download and configure a Luna Cloud HSM Service Client to access a Luna Cloud HSM Service. Luna Cloud HSM Services can be integrated with third-party applications to increase application security. See Integrations for more information about available third-party application integration guides.
See Adding a Luna Cloud HSM Service for more information about deploying a Luna Cloud HSM Service and downloading the initial Luna Cloud HSM Service Client.
See Configuring a Luna Cloud HSM Service Client for more information about downloading a Luna Cloud HSM Service Client that is bound to a service and configuring the Luna Cloud HSM Service Client to securely access the service.
See HSM Client Guides for detailed information on the Luna Cloud HSM Service partition.
See Luna Cloud HSM Service Supported Client Platforms for more information about supported operating systems and where you can deploy your Luna Cloud HSM Service Client.
Luna Cloud HSM Services can be configured in either FIPS or non-FIPS mode. Federal Information Processing Standards (FIPS) mode services provide access to a limited set of cryptographic algorithms that adhere to the standards and requirements of NIST. Non-FIPS mode provides access to a less restricted set of cryptographic algorithms, which includes the algorithms from the FIPS list. See the FIPS Compliance FAQs for more information about the latest FIPS updates. The Luna Cloud HSM Service FIPS setting is configured when adding the service.
For more information on how the connection to the HSM is secured, see the section Luna Cloud HSM Service Client Communication Protection.
We recommend downloading a new Luna Cloud HSM Service Client for your Luna Cloud HSM Service regularly to gain access to the latest bug fixes, firmware updates, cryptographic utilities, enhanced performance and improved service resilience. For more information, see Upgrading your Luna Cloud HSM Service.
Luna Cloud HSM Services Tiles
Your enterprise tenant may grant you access to any of the following Luna Cloud HSM Services:
- HSM on Demand: Set up and access an HSM on Demand service for your organization's cryptographic operations.
- HSM on Demand for CyberArk: Secure CyberArk Privileged Access Security Solution's top-level encryption key in an HSM.
- HSM on Demand for Digital Signing: Digitally sign software and firmware packages or electronic documents to ensure the integrity of the sender.
- HSM on Demand for Hyperledger: Bringing trust to blockchain transactions to perform the required crypto operations across the distributed system.
- HSM on Demand for Java Code Signer: Sign Java artifacts using an encryption key generated on an HSM.
- HSM on Demand for Microsoft ADCS: Secure your Microsoft Root Certificate Authority (CA) signing keys in an HSM.
- HSM on Demand for Microsoft Authenticode: Generate and secure your Microsoft Authenticode certificates on an HSM on Demand service.
- HSM on Demand for Microsoft SQL Server: Off-load Microsoft SQL Server crypto operations to an HSM on Demand service to improve performance and security.
- HSM on Demand for Private Key Protection: Secure private keys belonging to Certificate Authorities responsible for establishing a PKI trust hierarchy.
- HSMoD for Oracle TDE: Ensure that Oracle TDE data encryption keys are protected by a master key that resides within the HSM.
- HSM on Demand with Key Export: Set up and access an HSM on Demand service, with private key export, for your organization's cryptographic operations.
- Luna HSM Backup: Backup and restore for your organization's on-premises Luna HSMs.
If a service that you would like to use is not available from your tenant portal, contact your tenant administrator and request that they enable the service. See Configuring Available Services. Some Data Protection on Demand services have unique provisioning paths, such as access through a partner marketplace. Consult the service documentation for further details about adding services.