Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Luna Cloud HSM Services

Provision Service

search
printsuggest an editpdf paneldownload

Provision Service

Luna Cloud HSM Services provide users remote access to a HSM partition. You connect to your Luna Cloud HSM Service using a client. See Luna Cloud HSM Services Supported Client Platforms for a complete list of supported client platforms and supported cryptographic APIs.

Luna Cloud HSM service partitions are available in both FIPS and non-FIPS modes.

  • FIPS mode partitions provide access to a limited set of FIPS approved cryptographic algorithms that adhere to the standards and requirements of the NIST. FIPS mode partitions use the latest FIPS 140-2 level 3 certified firmware.
  • Non-FIPS mode partitions provide access to an unrestricted set of cryptographic algorithms that includes the algorithms from the FIPS list as well as additional algorithms such as elliptic curves. Non-FIPS mode partitions use the latest firmware which includes updates, bug fixes and enhancements. As a result, non-FIPS partitions may be using a firmware which is not FIPS certified.

Refer to the Mechanisms List for a list of available FIPS and non-FIPS mechanisms.

To verify if your partition is using a FIPS certified firmware access the Cryptographic Module Validation Program and search for Vendor: Thales and Module Name: SafeNet Cryptovisor K7 + Cryptographic Module. Compare the certified firmware versions with the CV firmware version that is displayed when you launch lunacm and connect to your HSM partition.

A DPoD subscriber tenant is required to provision a service. See Registering as a Subscriber Tenant for more information about creating a DPoD Subscriber Tenant and associated Tenant Administrator account. Tenant administrators can provision a service or create an application owner account to provision services.

  1. Log in to your DPoD enterprise tenant as a user with tenant administrator or application owner privileges.

  2. Open the Services tab and select the Add Service heading. Navigate the marketplace categories and click Create Service on the service that you would like to provision. If you have not Purchased a Service Subscription or previously completed a trial for the service, the option will display as Try Service.

  3. The Add Service wizard displays. Review the Terms of Service and click Next.

  4. On the Configure Service page, enter the required criteria for the service. You can optionally enable the use of algorithms that are not FIPS compliant by selecting the Remove FIPS restrictions check box.

    Caution

    You cannot alter the FIPS setting after creating the service.

    Click Next.

  5. Review your configuration summary page, and if you are satisfied click Finish. If you would like to adjust the service configuration click Go Back.

    DPoD initializes provisioning of the service, this may take a few moments. After provisioning completes the service will be visible under the View Services table in DPoD with the Provisioned status.

Luna Cloud HSM Services are available from the following external service marketplaces:

When you provision a Luna Cloud HSM Service through an external marketplace a Thales Data Protection on Demand subscriber tenant is generated and the user is registered as the primary tenant administrator. The DPoD Subscriber Tenant provides access to features such as Reporting and User and Account Management. For more information about DPoD and Tenants see the DPoD Platform Documentation.

Luna Cloud HSM Services provisioned through external marketplaces do not benefit from the following DPoD features: Service Credentials, Purchasing a Service Subscription through DPoD marketplace.

Once the Luna Cloud HSM Service is provisioned you require a client to connect to and communicate with the service partition. See Configure Service Client for more information.

On this page

    Float Icon 5