Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Getting Started

How to Subscribe to the payShield Cloud HSM Service

search
printsuggest an edit

How to Subscribe to the payShield Cloud HSM Service

Please contact your local Thales Account Manager or Authorized Reseller for more information on how you can subscribe to this service.

copy link to clipboardOn-boarding Process

Thales promises a smooth on-boarding process to the users of payShield Cloud HSM service. The on-boarding steps are easy to follow as mentioned below:

On-boarding Steps

  1. Data Center Selection: Thales hosts the HSMs in its secure data centers. It is recommended to select the hosted HSM region as much as close to the payment application region. Example: US-East.

  2. HSM Subscriptions: Decide the number of HSMs subscriptions as per your requirement in terms of use cases and risk profile.

    note

    Note

    Customers can opt to subscribe to HSMs in one or multiple data centers.

  3. Performance Option: Thales offers access to HSMs via a flexible subscription service – 60, 250 and 2500 cps performance options are available. Determine the subscription tier as per the payment workload.

  4. On-boarding form: You must complete the on-boarding form supplied by Thales. The information provided will be used by Thales to establish the connection between the customer cloud provider you have selected and the payShield Cloud HSM service.

    Pre-requisites to complete the on-boarding form.

    a. Create your cloud setup as specified in Connecting to payshield Cloud HSM Service.

    b. After the cloud setup is complete, you are required to provide the following information in the form.

    Cloud Provider Tenant ID Region
    Amazon AWS Customer Account ID E.g., us-east-1
    MS Azure ExpressRoute Service Key E.g., East US
    Google GCP Interconnect Pairing Key E.g., us-east4

    c. For each HSM subscription, share the HSM and host application specific network details.

    HSM Network Configuration Details
    HSM Host port IP address
    NOTE: Host 1 and Host 2 should be in the same subnet.    		 • Host 1 and Host 2 IP
    • Subnet Mask
    • Gateway IP
    Host Application IP range E.g., 10.1.0.0/24
    HSM Management port IP address • Management IP
    • Subnet Mask
    • Gateway IP
    Management Application IP range E.g., 10.1.2.0/24

  5. Place Order: After you have decided on the specification, you can then proceed with ordering the subscription(s) in question. Login to DPoD platform and place your request for payShield Cloud HSM service (view section Service Provisioning on DPoD).

  6. HSM Provisioning: Thales provisions the HSM(s) on your behalf and configures the host and management IP as per the details shared in the on-boarding form.

  7. HSM De-provisioning: After your subscription term is over, you must release the device via payShield Manager and then de-provision the service from DPoD Marketplace.

    caution

    Caution

    If the customer fails to release the HSM, for any reason whatsoever, Thales holds the right to reclaim the HSM and restore it to factory settings.

    note

    Note

    • Thales has access to the HSM Auxiliary port to provision and de-provision the HSM. Thales does NOT have access to the crypto operations and LMK(s) in the HSM.
    • After Thales has configured the host and management port IP addresses, you’ll not be able to make any changes.

  8. Customer Dedicated Environment: Thales shares the information about the provisioned HSM and customer cloud tenant details to the service provider to create a dedicated customer environment. The customer environment connects the provisioned HSMs to the customer cloud instance.

    note

    Note

    • Additional information will be required from customer to complete the connection between the hosted HSM and the public cloud instance. The additional information will be requested from Thales during order fulfillment.
    • Each customer environment created is separate from other environment.

  9. Perform HSM Configuration: Customer connects to the payShield HSM for HSM configuration and LMK management. Your applications connect to HSMs residing in the data center via high performance and secure communication link. At this stage, you have the full remote control and management of HSMs. Subscription to payShield Cloud HSM helps to deploy new HSMs for development, test, or production in days rather than weeks. Thales has no access to your sensitive data or cryptographic keys.

On this page

    Float Icon 5