Provision Service
Luna Cloud HSM Services provide users remote access to an HSM partition. You connect to your Luna Cloud HSM Service using a client. See Luna Cloud HSM Services Supported Client Platforms for a complete list of supported client platforms and supported cryptographic APIs.
Luna Cloud HSM service partitions are available in both FIPS and non-FIPS modes.
- FIPS mode partitions provide access to a limited set of FIPS-approved cryptographic algorithms that adhere to the standards and requirements of NIST. FIPS mode partitions use the latest FIPS 140-2 level 3 certified firmware.
- Non-FIPS mode partitions provide access to an unrestricted set of cryptographic algorithms that includes the algorithms from the FIPS list as well as additional algorithms such as elliptic curves. Non-FIPS mode partitions use the latest firmware, which includes updates, bug fixes and enhancements. As a result, non-FIPS partitions may be using firmware that is not FIPS certified.
Refer to the Mechanisms List for a list of available FIPS and non-FIPS mechanisms.
To verify whether your partition is using FIPS certified firmware, access the Cryptographic Module Validation Program and search for Vendor: Thales and Module Name: SafeNet Cryptovisor K7 + Cryptographic Module. Compare the certified firmware versions with the CV firmware version that is displayed when you launch lunacm and connect to your HSM partition.
A DPoD subscriber tenant is required to provision a service. See Registering as a Subscriber Tenant for more information about creating a DPoD Subscriber Tenant and associated Tenant Administrator account. Tenant administrators can provision a service or create an application owner account to provision services.
- Log in to your DPoD enterprise tenant as a user with tenant administrator or application owner privileges.
- Open the Services tab and select the Add Service heading. Navigate the marketplace categories and click Create Service on the service that you would like to provision. If you have not Purchased a Service Subscription or previously completed a trial for the service, the option will display as Try Service.
- The Add Service wizard displays. Review the Terms of Service and click Next.
- On the Configure Service page, enter the required criteria for the service. You can optionally enable the use of algorithms that are not FIPS compliant by selecting the Remove FIPS restrictions check box.
  Caution: You cannot alter the FIPS setting after creating the service.
  Click Next.
- Review your configuration summary page and, if you are satisfied, click Finish. If you would like to adjust the service configuration, click Go Back.
DPoD initializes provisioning of the service; this may take a few moments. After provisioning completes, the service will be visible under the View Services table in DPoD with the Provisioned status.
Luna Cloud HSM Services are available from the following external service marketplaces:
When you provision a Luna Cloud HSM Service through an external marketplace, a Thales Data Protection on Demand subscriber tenant is generated and the user is registered as the primary tenant administrator. The DPoD Subscriber Tenant provides access to features such as Reporting and User and Account Management. For more information about DPoD and Tenants, see the DPoD Platform Documentation.
Luna Cloud HSM Services provisioned through external marketplaces do not benefit from the following DPoD features: Service Credentials, Purchasing a Service Subscription through DPoD marketplace.
Once the Luna Cloud HSM Service is provisioned, you require a client to connect to and communicate with the service partition. See Configure Service Client for more information.