Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

Luna Cloud HSM Services

Provision Service

search

Provision Service

Provision Service

Luna Cloud HSM Services provide users remote access to a HSM partition. You connect to your Luna Cloud HSM Service using a Luna Cloud HSM Service Client. See Luna Cloud HSM Services Supported Client Platforms for a complete list of supported Luna Cloud HSM Service Client platforms and supported cryptographic APIs.

Windows systems are restricted to a single Luna Cloud HSM Service Client per system. Adding a second Luna Cloud HSM Service Client to a Windows operating system will overwrite the original Luna Cloud HSM Service Client configuration. Please consider this limitation when planning your service configuration.

Application owners can provision services using the DPoD tenant marketplace. Once a service is created, the user downloads a Luna Cloud HSM Service Client to connect the service to a client machine.

Luna Cloud HSM service partitions are available in both FIPS and non-FIPS modes.

  • FIPS mode partitions provide access to a limited set of FIPS approved cryptographic algorithms that adhere to the standards and requirements of the NIST. FIPS mode partitions use the latest FIPS 140-2 level 3 certified firmware.
  • Non-FIPS mode partitions provide access to an unrestricted set of cryptographic algorithms that includes the algorithms from the FIPS list as well as additional algorithms such as elliptic curves. Non-FIPS mode partitions use the latest firmware which includes updates, bug fixes and enhancements. As a result, non-FIPS partitions may be using a firmware which is not FIPS certified.

Refer to the Mechanisms List for a list of available FIPS and non-FIPS mechanisms.

To verify if your partition is using a FIPS certified firmware access the Cryptographic Module Validation Program and search for Vendor: Thales and Module Name: SafeNet Cryptovisor K7 + Cryptographic Module. Compare the certified firmware versions with the CV firmware version that is displayed when you launch lunacm and connect to your HSM partition.

Open the Services tab, select the Add New Service heading and click Provision Service on the service tile for the service you want to add.

The Add Service wizard opens.

If using an evaluation tenant, click Try Service instead of Provision Service. See Enterprise Tenants for more information about evaluation tenant capabilities.

Review the "Terms of Services DPoD", check the box accepting these Terms of Service and then click Next.

On the Configure Service page, provide a Service Name. You can optionally enable the use of algorithms that are not FIPS compliant by selecting the Remove FIPS restrictions. check box.

Click Next.

You cannot alter the FIPS setting after creating the service.

Review your configuration summary page and if acceptable, click Finish. If you would like to make changes to the configuration, click Go Back.

The DPoD server prepares the new Luna Cloud HSM Service, this may take a few moments.

Once added, the new service is listed under My Services tab and you are redirected to the Service Page. You create a Luna Cloud HSM Service Client to connect to and communicate with the service partition. See Configure Service Client for more information.