Thales Data Protection on Demand 

https://thalesdocs.com/dpod/support/changelog/index.html

Subscriptions visible through the DPoD Portal

Thales Data Protection on Demand has made the following changes to how billing and service subscriptions work in DPoD:

  • The trial state no longer applies to the tenant, tenants are instead entitled to a 30-day evaluation period for each unique DPoD service type. The trial begins when you first create a new DPoD service of a service type and deleting the service does not stop or pause the trial.
  • The Service Elections submission and approval process remains unchanged, but it now triggers the conversion of trial subscriptions to production subscriptions or directly creates production subscriptions. When a service elections form is processed the selected service types become paid subscriptions.
  • Service providers, tenant administrators and application owners can review their subscription data using the Subscriptions tab in the DPoD GUI.
  • All services of a new service type provisioned after April 15th are "Trial" subscriptions, with a 30-day evaluation. 

Tenants that have an accepted Service Elections form will have the following changes: 

  • All paid subscriptions (DPoD Monthly, DPoD Term, Google) will be visible from the Subscriptions tab in the DPoD GUI.
  • All services created before April 15th under a service elections form become "Term" (or "Uncommitted" if the Term is expired) subscriptions.
  • All services created before April 15th and not under a service elections form become "Uncommitted" subscriptions.

Tenants that do not have an accepted Service Elections form will have the following changes:

  • All existing services become "Trial" subscriptions, beginning April 15th, with a 30-day evaluation. 

Note: If your tenant is unable to retrieve and display subscriptions please contact Thales support to resolve the issue. You will be unable to provision new services until the issue is resolved. 

Deprecated Service Provider Tenant Usage Report and Associated Endpoints

The Service Provider Tenant Usage Report and the associated tenants/usageReport, tenants/usageDetails, and service_instances/usageDetails endpoints are deprecated and will be removed from the platform by the end of 2023. 

As an alternative use the Service Report in the DPoD service provider tenant or the /v1/service_instances/usageBillingReport endpoint, and the /v1/backoffice/serviceAgreements{tenantId} endpoint to compile tenant usage information.

Updated Luna Cloud HSM Service Firmware Versions to Support Universal Cloning in NA and EU Non-FIPS Mode

The firmware versions for Luna Cloud HSM Services operating in NA and EU non-FIPS environments have been updated. The current firmware version based on region and FIPS mode are as follows:

  • NA FIPS - 1.5
  • NA non-FIPS - 2.0
  • EU FIPS - 1.5
  • EU non-FIPS - 2.0 

Universal Cloning

Universal Cloning (CPv4) is now a supported feature when combining UC 10.5.0 and Firmware 2.0. Universal Cloning can be used for key migration to any trusted Thales HSMs that also support the Universal Cloning protocol.

In order to use the Universal Cloning feature, the following must be true:

  • you have a Luna Client at version UC 10.5.0 or newer
  • you have Firmware at version 2.0 or newer
  • the source partition's security policy allows cloning of private and secret keys

NOTE: You can only clone between initialized partitions, and they must have the same cloning domain (secret), which is provided at the time of initialization.

More info can be found here: Universal Cloning.

Deprecated API Parameters on POST /serviceAgreements and GET /serviceAgreements/{tenantId} endpoints

The DPoD Platform API has deprecated the tileId parameter on the POST /serviceAgreements endpoint and the tileName parameter on the GET /serviceAgreements{tenantId} endpoint.

The  tileId parameter on the POST /serviceAgreements and tileName parameter on the GET /serviceAgreements{tenantId} endpoint will be removed from the platform in a future update.

See the Subscriptions API for more information about available endpoints, fields and scopes.


Additional Field is Being Made Mandatory for Service Creation using the API

The servicePlan field is being made mandatory for service creation when using the API, for example when using POST/service_instances or POST/services.

If you use the API to provision services, you will need to pass a value matching one of the plans listed in the Open Service Broker catalog. For Luna Cloud HSM services, you must pass "single_hsm". Failure to pass a valid plan will result in a 400 error.

See the Thales Documentation Portal for more information about available endpoints and fields.

Updated Luna Cloud HSM Service Firmware Versions in NA

The firmware versions for Luna Cloud HSM Services operating in NA environments have been updated. The current firmware version based on region and FIPS mode are as follows:

  • NA FIPS - 1.5
  • NA non-FIPS - 1.5
  • EU FIPS - 1.5
  • EU non-FIPS - 1.6 

FW 1.5 includes improvements to the Point to Point encryption service. FW 1.5 also includes the following bug fixes:

  • SH-4366 - The firmware can create but not import public+sensitive keys. You must specify both CKA_PRIVATE=1 and CKA_SENSITIVE=1 Key Attributes for all Generated, Derived and Unwrapped keys
  • SH-5322 - The firmware crashes when cancelling a multi-part operation. The firmware no longer crashes when cancelling a multi-part operation.
  • SH-5595 - Deriving x9.42 DH2 returns CKR_OBJECT_HANDLE_INVALID. Deriving x9.42 DH2 no longer returns CKR_OBJECT_HANDLE_INVALID

Updated Luna Cloud HSM Service Firmware Versions in EU

The firmware versions for Luna Cloud HSM Services operating in EU environments have been updated. The current firmware version based on region and FIPS mode are as follows:

  • NA FIPS - 1.4.0
  • NA non-FIPS - 1.4.2
  • EU FIPS - 1.5
  • EU non-FIPS - 1.6 

FW 1.5 includes improvements to the Point to Point encryption service. FW 1.5 also includes the following bug fixes:

  • SH-4366 - The firmware can create but not import public+sensitive keys. You must specify both CKA_PRIVATE=1 and CKA_SENSITIVE=1 Key Attributes for all Generated, Derived and Unwrapped keys
  • SH-5322 - The firmware crashes when cancelling a multi-part operation. The firmware no longer crashes when cancelling a multi-part operation.
  • SH-5595 - Deriving x9.42 DH2 returns CKR_OBJECT_HANDLE_INVALID. Deriving x9.42 DH2 no longer returns CKR_OBJECT_HANDLE_INVALID

FW 1.6 includes all of the improvements from FW1.5 and additional enhancements.

Updates to DPoD Platform

Additional Fields are now Mandatory for Tenant Registration

The following fields are now mandatory for tenant registration:

  • Address
  • City
  • ZIP Code
  • State/Province/Region*

* Mandatory if Country is set to United States, Canada, or Australia

Luna Cloud HSM Service Rebranding

Changed

The following Luna Cloud HSM service names have been changed:

  • HSM on Demand is now Luna Cloud HSM
  • HSM on Demand for CyberArk is now Luna Cloud HSM for CyberArk
  • HSM on Demand for Digital Signing is now Luna Cloud HSM for Digital Signing
  • HSM on Demand for Hyperledger is now Luna Cloud HSM for Hyperledger 
  • HSM on Demand for Java Code Signer is now Luna Cloud HSM for Java Code Signer 
  • HSM on Demand for Microsoft ADCS is now Luna Cloud HSM for Microsoft ADCS 
  • HSM on Demand for Microsoft Authenticode is now Luna Cloud HSM for Microsoft Authenticode
  • HSM on Demand for Microsoft SQL Server is now Luna Cloud HSM for Microsoft SQL Server 
  • HSM on Demand for PKI Private Key Protection is now Luna Cloud HSM for PKI Private Key Protection 
  • HSMoD for Oracle TDE is now Luna Cloud HSM for Oracle TDE 
  • HSM on Demand with Key Export is now Luna Cloud HSM with Key Export
Show Previous EntriesShow Previous Entries