Version 10.7.1 of the HSM client is now available for download from Thales Data Protection on Demand for Luna Cloud HSM services. This client supports hybrid usage of both Luna Cloud HSM services and the Luna HSM product line, as detailed in the Luna Cloud HSM Client User Guide. See Upgrade Client for more information about upgrading your client.

Users are encouraged to upgrade to this latest client version and ensure it is supported in accordance with the Universal Client Supported Versions with Luna Cloud HSM table.

Added 

Update of Client Private Key Encryption Algorithm

The private key encryption algorithm used in NTLS connections, is upgraded from TDES/DES3 to AES-256-CBC.

FW 2.0.5 has been released to all production environments. This release resolves the issue with restoring Luna Cloud HSM backups from a Luna USB Backup HSM.

The new firmware versions based on region and FIPS mode are as follows: 

• NA FIPS - 2.0.5
• NA non-FIPS - 2.0.5
• EU FIPS - 2.0.5
• EU non-FIPS - 2.0.5

Added 

Luna Cloud HSM Backup

The issue with restoring Luna Cloud HSM backups from a Luna USB Backup HSM has been rectified with FW 2.0.5.

The Service Provider Tenant Usage Report and the associated tenants/usageReport, tenants/usageDetails, and service_instances/usageDetails endpoints have been removed from the platform.

As an alternative use the Service Report in the DPoD service provider tenant or the /v1/service_instances/usageBillingReport endpoint, and the  /v1/backoffice/serviceAgreements{tenantId} endpoint to compile tenant usage information.

The Luna Cloud HSM for DKE service is now available for trial and subscription. 

Provision the service through your Thales DPoD Tenant to access a Luna Cloud HSM partition and the Luna Key Broker for Microsoft DKE service software. Use the service software to create a Microsoft DKE endpoint by running the included container and connecting the Luna Cloud HSM service for secure storage of DKE cryptographic keys. 

See the Luna Cloud HSM for DKE documentation for more information about provisioning and configuring the service.

Thales Data Protection on Demand launched the DPoD Public Marketplace. The public marketplace is available at https://market.dpondemand.io.

The following public marketplace endpoints are now available:

• GET /service_types
• GET /service_types/ {id}
• GET /service_categories
• GET /service_categories/{id}

For more information about the DPoD API see Using the API and the DPoD Platform API.

The CipherTrust Data Security Platform as a Service (CDSPaaS) is now available for provisioning through Thales Data Protection on Demand.

For more information about CDSPaaS see CipherTrust Data Security Platform Services (CDSPaaS).

For more information about provisioning the service and getting started with CDSPaaS see Get Started with CipherTrust Data Security Platform Services.

The new Universal Client Supported Versions with Luna Cloud HSM policy has been created. This outlines the date of the released Universal Clients and their 'end of support' timelines.

If your Universal Client is found to be no longer supported it is strongly recommended that you upgrade to the latest version at your earliest convenience. 

See Upgrading your Client for more information.

The DPoD Key Broker for Google Cloud EKM service now supports the following Key Access Justification reason codes:

• GOOGLE_RESPONSE_TO_PRODUCTION_ALERT
• MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION

For more information about the service see Key Broker for Google Cloud EKM. For more information about the newly supported codes see Key Access Justification Reason Codes.

Thales Data Protection on Demand has made the following changes to how billing and service subscriptions work in DPoD:

• The trial state no longer applies to the tenant, tenants are instead entitled to a 30-day evaluation period for each unique DPoD service type. The trial begins when you first create a new DPoD service of a service type and deleting the service does not stop or pause the trial.
• The Service Elections submission and approval process remains unchanged, but it now triggers the conversion of trial subscriptions to production subscriptions or directly creates production subscriptions. When a service elections form is processed the selected service types become paid subscriptions.
• Service providers, tenant administrators and application owners can review their subscription data using the Subscriptions tab in the DPoD GUI.
• All services of a new service type provisioned after April 15th are "Trial" subscriptions, with a 30-day evaluation. 

Tenants that have an accepted Service Elections form will have the following changes: 

• All paid subscriptions (DPoD Monthly, DPoD Term, Google) will be visible from the Subscriptions tab in the DPoD GUI.
• All services created before April 15th under a service elections form become "Term" (or "Uncommitted" if the Term is expired) subscriptions.
• All services created before April 15th and not under a service elections form become "Uncommitted" subscriptions.

Tenants that do not have an accepted Service Elections form will have the following changes:

• All existing services become "Trial" subscriptions, beginning April 15th, with a 30-day evaluation. 

Note: If your tenant is unable to retrieve and display subscriptions please contact Thales support to resolve the issue. You will be unable to provision new services until the issue is resolved.