Services
Luna Cloud HSM Services
Luna Cloud HSM Service Integrations
CipherTrust Key Management Services
- Key Broker for Salesforce
  - Adding a Key Broker for Salesforce Service
  - Managing a Key Broker for Salesforce Service
  - Setting a Rotation Policy
  - Migrating Key Broker for Salesforce to CipherTrust Data Security Platform as a Service
- Key Broker for Google Cloud EKM
  - Service Guide
  - Key Setup Guide
  - Key Use Guide
  - Frequently Asked Questions
  - Migrating Key Broker for Google Cloud EKM to CipherTrust Data Security Platform as a Service
- CipherTrust Data Security Platform as a Service
payShield Cloud Services
- payShield Cloud HSM Service
  - Service Overview
  - Prerequisites
  - Getting Started
    - payShield Cloud HSM Configuration/Subscription Options
    - How to Subscribe to the payShield Cloud HSM Service
  - Service Specifications
  - Connecting to the payShield Cloud HSM Service
    - Azure Connection Guide
      - Create Express Route connection
      - Create a Virtual Network
      - Create a Virtual Network Gateway
    - GCP Connection Guide
    - AWS Connectiontion Guide
  - Service Provisioning from DPoD Platform
    - Trial Tier Provisioning
    - Production Tier Provisioning
    - View Sevice Status
  - HSM Management using payShield Manager
    - Preparing for HSM Commission
      - Install Smart Card Reader Driver
      - Check Your Proxy Configuration
      - Additional Steps for the First Time Users
      - Configure the Smart Card Reader
    - Steps to Commission payShield Manager
      - Create a new Security Domain
      - Load / Install the Security Domain
      - Create Left and Right Remote Access Control key cards
    - Adding Another HSM to the Security Domain
    - Transitioning between HSM States via payShield Manager
    - Viewing Network Interfaces in payShield Manager
  - HSM Deprovisioning
  - APPENDIX A - Glossary
  - APPENDIX B - DPoD Errors
- Point-to-Point Encryption
  - Adding a Point-to-Point Encryption Service
  - Using the service
  - P2PE CLI
    - p2pe key
      - p2pe key generate
      - p2pe key list
      - p2pe key delete
      - p2pe key export
    - p2pe service
      - p2pe service init
      - p2pe service changePwd
    - p2pe tls
      - p2pe tls init
      - p2pe tls requestcertificate
      - p2pe tls selfsigncertificate
  - P2PE REST API
  - P2PE errors
  - Service Details
  - Frequently Asked Questions
Partner Services

GCP Connection Guide

The following are the detailed steps on how to implement the remote management and application connections to your cloud HSMs under subscription via Google Cloud Platform.

You must first select the appropriate combination of Region with Provider from the following table:

Provider	Region
Equinix	US-East4 (Northern Virginia)
Equinix	europe-west4 (Netherlands)
Equinix	Europe-west3 (Frankfurt)

Setup Interconnect with GCP

Search marketplace for “Interconnect” and select Get Started.
Select Partner Interconnect Connection, and then click Continue.
Click I ALREADY HAVE A SERVICE PROVIDER.

a. Select an appropriate option for VLAN attachment (The example shown below uses single VLAN.).
b. Select the Network as Default.
c. Select the appropriate region e.g., us-east4 (Northern Virginia) for US East.
To setup VLAN, select Create new router in the Cloud Router field.

The next step is to create a cloud router.
Enter a name in the Name field for the cloud router as per your preference.
Provide a suitable description in the Description section.
Enter BGP peer keepalive interval.
Select Advertise all subnets to the Cloud Router and then select Create.

The next step is to configure the VLAN Cloud Router created in the previous steps.
Enter a VLAN attachment name.
- Provide a suitable Description (optional)
- MTU: 1440
Click Create.

The interconnect attachment creation starts at this point.
Copy Pairing key and select OK.
Provide the Pairing key to Thales in the On-boarding form.

In the image above, interconnect completes with Status as “Waiting for service provider”.
Thales initiates interconnect setup between Google Cloud and HSM.
Once you receive confirmation from Thales, it is now time for you to activate the interconnect.
Click Accept.

After interconnect activation, status changes to “BGP Configuration needed”.
Select CONFIGURE BGP.
Complete as follows:
- Peer ASN:
Region Data Center Peer ASN

US East US DC13 65013

US East US CU02 65014

EU West NL AM02 65021

EU West DE FR04 65022
- BGP peer: Enabled
Click SAVE AND CONTINUE.

The connection status appears Down at this point.
Provide the following information to Thales:

a. VLAN ID
b. Cloud Router IP
c. On Premises Router IP

Wait for the BGP connection status to be “UP”.
Create a Virtual Machine and add it to the same VPC network.

Use the virtual machine to connect to the payShield HSM to commission it using payShield Manager.