Overview
CloudHSM offers a range of service packages designed to meet varying architecture, capacity, and performance needs. Choose from dedicated or shared HSM options, tailored to your requirements, including flexible solutions for production, testing, and hosted environments.
Shared HSMs
- CloudHSM Economy (ECO) is a multi-tenant HSM service. The subscriber obtains unique access to their partition on an HSM cluster for secure key storage and usage. The clusters in these packages are formed by 2 active HSMs in 2 active data centers and a third HSM in a NATO Zone 2 electromagnetic pulse (EMP) protected bunker in the Alps, which serves as a backup and disaster recovery facility.
- CloudHSM Economy Certified is operated in Common Criteria mode and is certified according to CC EN 419 221-5, which is relevant for eIDAS-compliant qualified signatures.
- CloudHSM Sandbox (SBX) is our dedicated package for integration and pre-production testing. Firmware updates will be deployed first on CloudHSM Sandbox (SBX) for customer testing and verification, before being rolled out to the CloudHSM Economy (ECO), Certified and Platinum production environments.
- CloudHSM Bring Your Own Key is a multi-tenant HSM service with a 1MB capacity.
A partition is defined as the amount of user space in megabytes (MB) allocated on each HSM in the cluster for storing objects and partition logs.
Dedicated HSMs
- CloudHSM Platinum is a managed service of a dedicated HSM. Starting from two HSM devices, the subscriber decides on the cluster size, number of partitions, capacity and deployment locations in our worldwide datacenters. For more information and options, please contact Securosys sales.
- HSM Operation Service (HOS) is a managed service of your purchased Primus HSM within the CloudHSM environment.
Service Package Comparison
| | Economy (ECO) | Economy Certified (ECO CC) | Sandbox (SBX) | Platinum | HSM Operation Service (HOS) | Bring Your Own Key (BYOK) |
|---|---|---|---|---|---|---|
| Subscription Type | | | | | | |
| Platform | 3 HSM in 3 data centers | 3 HSM in 3 data centers | 2 HSM in 2 data centers (Testing) | 3 HSM in 3 data centers | | |
| Performance (Sig./Min) | | | | | | |
| Capacity | | | | | | |
| Support Availability Response time (critical/major/minor) | 2/8/24h | 2/8/24h | 8/12/24h | 2/8/24h | 2/8/24h | 2/8/24h |
Partition Remote Administration
By default, Securosys provides support to perform any changes you request on your HSM.
However, with our Decanus Terminal’s Partition Administration you also have the option to fully control access to your HSM partition. This includes making configuration changes, downloading backups, and even disabling HSM administrators' access to your partition. This way, you benefit from the security advantages of your own HSM without the usual headaches and costs.
Configuration Options
All CloudHSM service packages can be individually configured with regard to the required API integration and optional packages for Crypto Currencies, Smart Key Attributes, Post-Quantum Cryptographic (PQC) Algorithms and Transaction Security Broker.
Furthermore, in the Partition Security Policy, you can configure policy settings for Key Import, Key Export and Key Invalidation. Additionally, access to the CloudHSM partition can be restricted to a list of whitelisted source IP addresses.