Early in 2025 Thales Data Protection on Demand (DPoD) will be changing the Identity Provider (IDP) used in the DPoD platform to Thales OneWelcome. To ensure continued network connectivity between your Luna Cloud HSM client and the service partition please ensure that you update your include lists to allow the Thales OneWelcome fully qualified domain names. The Luna Cloud HSM data centers are configured with floating IP addresses and as a result of this configuration we do not support using static IP addresses or hardcoded IP addresses to access the services. 

For more information about the IDP migration see the DPoD IDP Migration FAQ. For more information about configuring and troubleshooting your client connection see Client Network Connectivity and Troubleshooting the Client Connection.

Thales Data Protection on Demand (DPoD) will be changing the Identity Provider (IDP) used in the DPoD platform to Thales OneWelcome. This update enables the platform to provide modern authentication options as well as simplifying logins for users that manage multiple tenants on the platform. 

For more information about this upcoming change and potential impacts to you please see the DPoD IDP Migration FAQ.

The Thales Data Protection on Demand Terms of Service have been updated. Please review the Terms of Service for more information.

In the upcoming release of FW 3.0 for Luna Cloud HSM, CPv1 will be removed from FIPS firmware support as it is no longer compliant with 140-3. As this only affects FIPS mode, all affected users should use CPv4 or transition service to non-FIPS mode. If Luna Network HSM users want to clone to Luna Cloud HSM with a FIPS partition they will have to use Luna 7.8 or higher. See Universal Cloning for more information.

Luna Cloud HSM Datacenters are now configured with a floating IP address. Users should be aware that any client configuration that relies on a static IP address configuration will no longer function. 

Please see the Client Network Connectivity Documentation for information about configuring your client environment. Thales does not recommend using any static IP filtering when accessing the service. Should your configuration require the use of static IP address filtering, please contact Thales Customer Support for more information.

The certificate CA provider for the platform authentication service is being changed to Sectigo, a global leader in digital identity security solutions. The scheduled time for this change is detailed on the DPoD Status Dashboard. 

Please be aware that you may need to update your system's certificates and ensure that CA CRL and OCSP endpoints are reachable in accordance with this change. 

If you require assistance or have any inquiries please contact our Support Team using the Thales Customer Support Portal.

Users can now subscribe to individual components through the Thales Data Protection on Demand Status Page. When you subscribe to updates you can specify the DPoD components, services and regions that you would like to receive updates for. 

To become a subscriber or update your subscription visit the Thales Data Protection on Demand Status Page and click Subscribe to Updates. 

Thales Data Protection on Demand has updated the procedure for purchasing service subscriptions. Services can now be purchased through the subscriptions tab in the DPoD user interface instead of the services tab. This includes subscribing to new services, renewing expiring subscriptions, or adding quantities to an existing subscription. 

For more information see Purchasing a Service Subscription.

Thales Data Protection on Demand has made the following changes to how billing and service subscriptions work in DPoD:

• The trial state no longer applies to the tenant, tenants are instead entitled to a 30-day evaluation period for each unique DPoD service type. The trial begins when you first create a new DPoD service of a service type and deleting the service does not stop or pause the trial.
• The Service Elections submission and approval process remains unchanged, but it now triggers the conversion of trial subscriptions to production subscriptions or directly creates production subscriptions. When a service elections form is processed the selected service types become paid subscriptions.
• Service providers, tenant administrators and application owners can review their subscription data using the Subscriptions tab in the DPoD GUI.
• All services of a new service type provisioned after April 15th are "Trial" subscriptions, with a 30-day evaluation. 

Tenants that have an accepted Service Elections form will have the following changes: 

• All paid subscriptions (DPoD Monthly, DPoD Term, Google) will be visible from the Subscriptions tab in the DPoD GUI.
• All services created before April 15th under a service elections form become "Term" (or "Uncommitted" if the Term is expired) subscriptions.
• All services created before April 15th and not under a service elections form become "Uncommitted" subscriptions.

Tenants that do not have an accepted Service Elections form will have the following changes:

• All existing services become "Trial" subscriptions, beginning April 15th, with a 30-day evaluation. 

Note: If your tenant is unable to retrieve and display subscriptions please contact Thales support to resolve the issue. You will be unable to provision new services until the issue is resolved.