Luna Cloud HSM Services provide users remote access to an HSM partition. You connect to your Luna Cloud HSM Service using a client. See Luna Cloud HSM Services Supported Client Platforms for a complete list of supported client platforms and supported cryptographic APIs.
Luna Cloud HSM service partitions are available in both FIPS and non-FIPS modes.
- FIPS mode partitions provide access to a limited set of FIPS-approved cryptographic algorithms that adhere to the standards and requirements of NIST. FIPS mode partitions use the latest FIPS 140-2 level 3 certified firmware.
- Non-FIPS mode partitions provide access to an unrestricted set of cryptographic algorithms that includes the algorithms from the FIPS list as well as additional algorithms such as elliptic curves. Non-FIPS mode partitions use the latest firmware, which includes updates, bug fixes and enhancements. As a result, non-FIPS partitions may be using firmware that is not FIPS certified.
Refer to the Mechanisms List for a list of available FIPS and non-FIPS mechanisms.
To verify whether your partition is using FIPS-certified firmware, access the Cryptographic Module Validation Program and search for Vendor: Thales and Module Name: SafeNet Cryptovisor K7 + Cryptographic Module. Compare the certified firmware versions with the CV firmware version that is displayed when you launch lunacm and connect to your HSM partition.
Application owners can provision services using the DPoD tenant marketplace. Once a service is created, the user downloads a client to connect the service to a client machine.
Open the Services tab, select the Add New Service heading and click Provision Service. If you have not submitted a Service Elections form, click Try Service.
The Add Service wizard opens.
On the Configure Service page, provide a Service Name. You can optionally enable the use of algorithms that are not FIPS compliant by selecting the Remove FIPS restrictions check box.
You cannot alter the FIPS setting after creating the service.
Review your configuration summary page and if acceptable, click Finish. If you would like to make changes to the configuration, click Go Back.
The DPoD server prepares the new Luna Cloud HSM Service. This may take a few moments.
Once added, the new service is listed under the My Services tab and you are redirected to the Service Page. You create a client to connect to and communicate with the service partition. See Configure Service Client for more information.
Luna Cloud HSM Services are available from the following external service marketplaces:
When you provision a Luna Cloud HSM Service through an external marketplace, a Thales Data Protection on Demand subscriber tenant is generated and the user is registered as the primary tenant administrator. The DPoD Subscriber Tenant provides access to features such as Reporting and User and Account Management. For more information about DPoD and Tenants, see the DPoD Platform Documentation.