AWS Connection Guide
The following are the detailed steps to set up remote management and application connectivity from Amazon Web Services (AWS) to the Thales-hosted payShield HSMs you subscribe to.
Validate that your HSM hosting location and AWS region are one of the supported combinations:
Location | Region |
---|---|
Equinix DC2/DC11, Ashburn, VA | us-east-1 |
Equinix AM3, Amsterdam | eu-central-1 |
Equinix FR5, Frankfurt | eu-central-1 |
- Share your AWS Account ID with Thales in the on-boarding form.
  Thales uses the Account ID to create a Primary and a Secondary hosted Direct Connect connection from the hosted HSM to your AWS account, and sends a confirmation once both connections have been set up.
- Log in to your Amazon Web Services account.
- Create a Virtual Private Cloud (VPC): enter VPC in the search bar and press Enter.
- Select Create VPC.
  The Create VPC screen appears.
- Select the VPC resources you need to create (at minimum the VPC and a subnet for the management virtual machine) and create the VPC.
- Click View VPC.
- Type Direct Connect in the search bar and press Enter.
- From the left menu, select Connections.
- Select each hosted connection (Primary and Secondary) and choose View details.
- Select the confirmation check box and choose Accept connection.
  After both connections have been accepted, their state changes to "available".
The next step is to configure the Direct Connect gateway.
- Type Direct Connect Gateways in the search bar and press Enter.
- Select Direct Connect gateways, then Create Direct Connect gateway.
  The Create Direct Connect gateway screen appears.
- Enter the following details:
  • Name of the gateway, as per your preference
  • Amazon-side ASN, the Autonomous System Number AWS uses for this gateway (a private ASN; choose a value different from the Thales peer ASN you will enter on the virtual interfaces, since the BGP session between the two sides is eBGP)
- Click Create Direct Connect gateway.
It is now time to create a virtual interface for each of the Primary and Secondary hosted connections.
- Type Virtual Interface in the search bar.
- Select Virtual Interfaces from the results, then Create virtual interface.
  You are directed to the Create virtual interface window.
- In the Virtual interface type section, select Private.
- In the Private virtual interface settings section, fill in the following details:
  a. Name of the virtual interface
  b. Connection: select the hosted connection (Primary first) from the drop-down list
  c. Virtual interface owner: My AWS account
  d. Gateway type: Direct Connect gateway; select the Direct Connect gateway created in the steps above
  e. BGP ASN: the peer ASN of the Thales data center hosting your HSM, from the table below

  Region | Data Center | Peer ASN |
  ---|---|---|
  US East | US DC13 | 65013 |
  US East | US CU02 | 65014 |
  EU West | NL AM02 | 65021 |
  EU West | DE FR04 | 65022 |
- Select Create virtual interface.
Repeat the steps above to create the virtual interface for the Secondary hosted connection.
- Select Direct Connect gateways from the left-hand menu.
- Select the Direct Connect gateway created in the steps above.
  Under "Virtual interface attachments", the two virtual interfaces display with state "attached".
- Type "Virtual Private Gateways" in the search bar and press Enter.
- Select Virtual private gateways from the list, then Create virtual private gateway, and configure the gateway as follows.
  In the Details section:
  a. Enter a name tag (optional).
  b. Select Amazon default ASN as the Autonomous System Number (ASN).
- Select Create virtual private gateway.
- Select the virtual private gateway created in the step above and, from Actions, select Attach to VPC.
- On the Attach to VPC screen, select the VPC created earlier from the Available VPCs drop-down list.
- Click Attach to VPC.
- Select Direct Connect gateways in the left menu; the gateway created in the steps above displays.
- Select the Gateway associations tab, then Associate gateway.
  You are directed to the Associate gateway screen.
- In Association settings, select the virtual private gateway created in the steps above from the drop-down list, then click Associate gateway.
- Select Virtual interfaces in the left-hand menu.
  The two virtual interfaces created (one for each hosted connection) display on the screen.
- Select each virtual interface in turn and share the following information with Thales so that the BGP session can be completed:
  - VLAN
  - BGP authentication key
  - Your router peer IP
  - Amazon router peer IP
  Treat the BGP authentication key as a secret and send it only over the channel agreed with Thales for on-boarding, not in plain e-mail.
  At this stage, the BGP status displays as "down".
Thales configures its side of the BGP session using the information provided. After successful setup, the BGP status changes to "up".
- Create a virtual machine in the VPC you attached the virtual private gateway to, in a subnet whose route table propagates routes from that gateway so that the instance has a route to the HSM.
  Use the virtual machine to connect to the payShield HSM and commission it using payShield Manager.
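The console procedure above as an AWS CLI script, added here as an example; it is not part of the Thales guide or of any Thales tooling. It assumes AWS CLI v2 configured with credentials for the target account and region, and the two hosted connection IDs taken from the Connections page after Thales created them; the gateway names, the VPC CIDR and the Amazon-side ASN 64512 are placeholders. Two things it does beyond the console steps: it reads the VLAN from the hosted connection instead of asking for one, because Thales sets it on the hosted connection, and it enables route propagation from the virtual private gateway into the VPC's main route table so the management VM has a route to the HSM. The ASN check is a local sanity check written for this script, not an AWS API rule.

```shell
#!/bin/sh
# AWS CLI version of the console procedure in this guide (added example, not
# Thales' own tooling). Assumes: AWS CLI configured for the target account and
# region; hosted connection IDs taken from "Connections" after Thales created
# them. Names, the VPC CIDR and the Amazon-side ASN are placeholders.
set -eu

# Thales peer ASN for the data center hosting the HSM (table in the guide).
peer_asn() {
  case "$1" in
    DC13) echo 65013 ;;
    CU02) echo 65014 ;;
    AM02) echo 65021 ;;
    FR04) echo 65022 ;;
    *) echo "unknown Thales data center: $1" >&2; return 1 ;;
  esac
}

# Local sanity check on the Amazon-side ASN of the Direct Connect gateway:
# numeric, in a private range (64512-65534 or 4200000000-4294967294) and not
# equal to the Thales peer ASN (the session is eBGP, so the two sides differ).
check_amazon_asn() {
  asn=$1; peer=$2
  case "$asn" in ''|*[!0-9]*) return 1 ;; esac
  [ "$asn" -ne "$peer" ] || return 1
  { [ "$asn" -ge 64512 ] && [ "$asn" -le 65534 ]; } ||
    { [ "$asn" -ge 4200000000 ] && [ "$asn" -le 4294967294 ]; }
}

# Accept a hosted connection (console: "Accept connection"); prints its state.
accept_hosted() {
  aws directconnect confirm-connection --connection-id "$1" \
    --query connectionState --output text
}

# Create a private VIF on a hosted connection. The VLAN is fixed by Thales on
# the hosted connection, so it is read back rather than chosen here.
# Arguments: connection-id name dxgw-id peer-asn. Prints the new VIF ID.
create_vif() {
  vlan=$(aws directconnect describe-connections --connection-id "$1" \
           --query 'connections[0].vlan' --output text)
  aws directconnect create-private-virtual-interface --connection-id "$1" \
    --new-private-virtual-interface \
    "virtualInterfaceName=$2,vlan=$vlan,asn=$4,directConnectGatewayId=$3" \
    --query virtualInterfaceId --output text
}

# The values Thales needs to bring BGP up, tab-separated:
# VLAN, BGP auth key, your (Thales-side) peer IP, Amazon peer IP, BGP status.
vif_bgp_details() {
  aws directconnect describe-virtual-interfaces --virtual-interface-id "$1" \
    --query 'virtualInterfaces[0].[vlan,authKey,customerAddress,amazonAddress,bgpPeers[0].bgpStatus]' \
    --output text
}

# Poll (default 60 x 30 s) until the BGP peer on a VIF reports "up".
wait_bgp_up() {
  n=0
  while [ "$n" -lt "${2:-60}" ]; do
    state=$(aws directconnect describe-virtual-interfaces --virtual-interface-id "$1" \
              --query 'virtualInterfaces[0].bgpPeers[0].bgpStatus' --output text)
    [ "$state" = "up" ] && return 0
    n=$((n + 1)); sleep 30
  done
  return 1
}

# Usage: DX_RUN=1 sh dx-setup.sh <DC13|CU02|AM02|FR04> <primary dxcon-id> <secondary dxcon-id> [vpc-cidr] [amazon-asn]
main() {
  dc=$1; primary=$2; secondary=$3; cidr=${4:-10.20.0.0/16}; amazon_asn=${5:-64512}
  peer=$(peer_asn "$dc")
  check_amazon_asn "$amazon_asn" "$peer" || { echo "bad Amazon-side ASN $amazon_asn" >&2; exit 1; }

  vpc=$(aws ec2 create-vpc --cidr-block "$cidr" --query Vpc.VpcId --output text)
  accept_hosted "$primary"; accept_hosted "$secondary"

  dxgw=$(aws directconnect create-direct-connect-gateway \
           --direct-connect-gateway-name payshield-dxgw --amazon-side-asn "$amazon_asn" \
           --query directConnectGateway.directConnectGatewayId --output text)
  vif1=$(create_vif "$primary" payshield-vif-primary "$dxgw" "$peer")
  vif2=$(create_vif "$secondary" payshield-vif-secondary "$dxgw" "$peer")

  # Virtual private gateway with the Amazon default ASN, attached to the VPC
  # and associated with the Direct Connect gateway.
  vgw=$(aws ec2 create-vpn-gateway --type ipsec.1 --query VpnGateway.VpnGatewayId --output text)
  aws ec2 attach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$vpc" >/dev/null
  aws directconnect create-direct-connect-gateway-association \
    --direct-connect-gateway-id "$dxgw" --virtual-gateway-id "$vgw" >/dev/null

  # Not spelled out in the console steps: propagate the routes BGP learns into
  # the VPC's main route table, or the management VM has no route to the HSM.
  rtb=$(aws ec2 describe-route-tables \
          --filters "Name=vpc-id,Values=$vpc" Name=association.main,Values=true \
          --query 'RouteTables[0].RouteTableId' --output text)
  aws ec2 enable-vgw-route-propagation --route-table-id "$rtb" --gateway-id "$vgw"

  # Hand these to Thales over the agreed secure channel; the auth key is a secret.
  vif_bgp_details "$vif1"; vif_bgp_details "$vif2"
  wait_bgp_up "$vif1" && wait_bgp_up "$vif2" && echo "both BGP sessions up"
}

if [ -n "${DX_RUN:-}" ]; then main "$@"; fi
```

The script only acts when DX_RUN is set, so it can be sourced to reuse the helpers. The two tab-separated lines it prints are the four values the guide says to share with Thales (VLAN, BGP authentication key, your peer IP, Amazon peer IP) followed by the current BGP status, and the final wait loop returns once Thales has brought both sessions up.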