The Thales Data Protection on Demand Terms of Service have been updated. Please review the Terms of Service for more information.
The Thales Data Protection on Demand Terms of Service have been updated. Please review the Terms of Service for more information.
Plugin version 2.5.0 with the HSM client 10.7.2 is now available for download from Thales Data Protection on Demand for Luna Cloud HSM services.
See Upgrade Client for more information about upgrading your client.
Users are encouraged to upgrade to this latest client version and ensure it is supported in accordance with the Universal Client Supported Versions with Luna Cloud HSM table.
Customers can use the client without having to configure the "ChrystokiConfigurationPath" environment variable first.
The client startup time was very slow. To address this issue we now group the P11 commands together and send them as one to reduce the turnaround time.
Changed
- Using 10.7.2 or higher, users are no longer required to run setenv to configure the client to connect to the Luna Cloud HSM Service. However, setenv may still be used to configure the client for hybrid use cases or integrations where setting the ChrystokiConfigurationPath is required.
Please see Unpack the client for more information.
- Users can connect to a Luna Cloud HSM service by running the Luna Client in a docker container.
Please see Create a Docker Container to Access a Luna Cloud HSM Service for more information.
- A number of enhancements has been added to the LCH support tool.
The support tool now creates an output file containing additional logging generated by running lunacm. It will also tell you the file was created, its name and the amount of time taken to run each test.
Please see Client connectivity support tool for more information.
In the upcoming release of FW 3.0 for Luna Cloud HSM, CPv1 will be removed from FIPS firmware support as it is no longer compliant with 140-3. As this only affects FIPS mode, all affected users should use CPv4 or transition service to non-FIPS mode. If Luna Network HSM users want to clone to Luna Cloud HSM with a FIPS partition they will have to use Luna 7.8 or higher. See Universal Cloning for more information.
In advance of upcoming enhancements to Luna Cloud HSM we wish to remind our customer base that client versions 10.2, 10.3 and 10.4 are no longer supported by the service and must be upgraded.
Although these client versions will continue to function today, future upgrades to the Cloud HSM Service will render them inoperable.
Users must upgrade to a supported client version before August 27, 2024.
Full instructions for upgrading the client can be found in the thalesdocs.com documentation; https://thalesdocs.com/dpod/services/luna_cloud_hsm/client/upgrade/index.html
For more details please visit our Customer Support Portal.
Version 10.7.1 of the HSM client is now available for download from Thales Data Protection on Demand for Luna Cloud HSM services. This client supports hybrid usage of both Luna Cloud HSM services and the Luna HSM product line, as detailed in the Luna Cloud HSM Client User Guide. See Upgrade Client for more information about upgrading your client.
Users are encouraged to upgrade to this latest client version and ensure it is supported in accordance with the Universal Client Supported Versions with Luna Cloud HSM table.
The private key encryption algorithm used in NTLS connections, is upgraded from TDES/DES3 to AES-256-CBC.
For more information about client features and enhancements and client advisory notes see 10.7.1 Client Customer Release Notes. See Known and Resolved Issues for more information about existing problems and available workarounds.
FW 2.0.5 has been released to all production environments. This release resolves the issue with restoring Luna Cloud HSM backups from a Luna USB Backup HSM.
The new firmware versions based on region and FIPS mode are as follows:
Added
The issue with restoring Luna Cloud HSM backups from a Luna USB Backup HSM has been rectified with FW 2.0.5.
Luna Cloud HSM Datacenters are now configured with a floating IP address. Users should be aware that any client configuration that relies on a static IP address configuration will no longer function.
Please see the Client Network Connectivity Documentation for information about configuring your client environment. Thales does not recommend using any static IP filtering when accessing the service. Should your configuration require the use of static IP address filtering, please contact Thales Customer Support for more information.
The certificate CA provider for the platform authentication service is being changed to Sectigo, a global leader in digital identity security solutions. The scheduled time for this change is detailed on the DPoD Status Dashboard.
Please be aware that you may need to update your system's certificates and ensure that CA CRL and OCSP endpoints are reachable in accordance with this change.
If you require assistance or have any inquiries please contact our Support Team using the Thales Customer Support Portal.
Users can now subscribe to individual components through the Thales Data Protection on Demand Status Page. When you subscribe to updates you can specify the DPoD components, services and regions that you would like to receive updates for.
To become a subscriber or update your subscription visit the Thales Data Protection on Demand Status Page and click Subscribe to Updates.
