Thales would like to remind you that the previous generation Luna HSM 5.x/6.x and Luna Java HSM 3.x products are now End of Life. As announced on September 7th 2018, these products have reached the full end of life and support status.
Customers still using Luna HSM 5.x/6.x PCIe or Network HSM or Luna Java HSM 3.x products listed below should consider migrating to the Luna 7 HSM product family as soon as possible.
https://cpl.thalesgroup.com/resources/encryption/time-to-migrate-to-thales-luna-hsm-7-solution-brief
- Table 1 describes the end of life milestones, definitions, and dates for the affected products
- Table 2 lists the product part numbers affected by this announcement
- Customers with active and paid service and support contracts: support will be available until the End of Support date as shown in Table 1
- Customers with Common Criteria, Brazil ITI and Singapore NITES certification requirements: please read the Thales Docs (https://thalesdocs.com/) information to check which version of the Luna 7 firmware will meet your certification requirements.
EoS Milestones and Dates – Table 1
Milestone | Date | Impact |
External Announcement | 7-Sep-18 | SafeNet Luna HSM 5.x/6.x and SafeNet Luna Java HSM 3.x are officially replaced by SafeNet Luna HSM 7. |
End-of-Sale | 28-Feb-20 | Final orders for affected Luna HSMs must be received by this date. Full technical and RMA support will be provided. Security updates and software maintenance will be provided as needed. |
End-of-Support | 1-Sep-22 | Technical support, RMA or equipment repairs, security updates, and software/firmware maintenance cease. |
Migration Path – Luna HSM 5.x / 6.x
Option 1: Luna HSM 7
Luna HSM 5.x/6.x customers are encouraged to migrate to Luna HSM 7. In addition to providing the same security features as Luna HSM 5.x/6.x, Luna HSM 7 offers:
- Fastest HSM on the market with over 20,000 ECC and 10,000 RSA operations/second
- Lower latency for improved efficiency
- Common Universal Client (7.x/10.x) – supporting multiple appliance versions as well as the Luna cloud HSM
- Docker Container Support
- Flexible Partition Policies
- Partition Policy Templates
- High quality keys through external Quantum RNG seeding
- Remote PED HSM initialization
- 4*1 Gigabit Ethernet ports with up to 2*10 Gigabit fiber network connectivity and 2*1 Gigabit with Port Bonding
- Enhanced Environmental Failure Protection against temperature, voltage, time, and radiation
- Sliding rails for ease of installation (optional) and Locking Bezels
- FIPS 140-2 Level 3 for both Password and PED-based HSMs
- FIPS 140-3 Level 3 for both Password and PED-based HSMs in review
- Common Criteria (CC) EAL4+ (AVA_VAN.5 and ALC_FLR.2) against the Protection Profile (PP) 419221-5
Migration Path – Luna HSM 5.x / 6.x
Option 2: Luna Cloud HSM with Data Protection on Demand
Data Protection on Demand is a cloud-based platform that provides a wide range of on-demand HSM, key management and encryption services through a simple online marketplace. Data Protection on Demand helps enterprises reduce infrastructure costs, easily manage security, and shorten the time to market. Just click and deploy the data protection services/tiles you need, provision new tenants and further services, and get usage and audit reporting in minutes.
Highlights:
- Zero upfront investment
- Cloud agnostic
- Up and running in less than 5 minutes
- OpEx only usage-based billing
- SLA on Demand – 99.95% availability
- Automatic failover included
- Key backups are automatic
- Key and crypto operation metrics and reporting
- Elastic, automatic scaling
- Low total cost of ownership
Migration Path – Luna Java HSM (3.x)
Luna HSM 7 (Network HSM or PCIe HSM) is the recommended migration product for Luna Java HSM (Luna SP).
Although it is not a one-for-one replacement, Luna HSM 7 provides Java API support (JCA/JCE and JCprov). Additionally, Functionality Modules (FMs) allow secure custom code to be developed and executed within the secure confines of the HSM card. This combination allows for the development of Java applications with highly secure elements operating inside the hardware boundary of an HSM.
Any enterprise Java application code (which would have been run on the Tomcat application server of the Java HSM appliance) would in the future need to be run on a dedicated application server with either a PCIe card built in or an additional Luna Network HSM, which performs the Java application-related crypto functionality.
Affected Products: Table 2
The HSM part numbers affected by this announcement are listed here in Table 2.
Luna/Network HSM
End-of-Life Part Number | Description |
908-000157 | Luna SA 1700, PED-Auth, 2 HSMP, CL |
908-000158 | Luna SA 1700, PW-Auth, 2 HSMP, CL |
908-000159 | Luna SA 1700, PED-Auth, 2 HSMP (No Backup) |
908-000160 | Luna SA 1700, PW-Auth, 2 HSMP, CKE |
908-000161 | Luna SA 1700, PED-Auth, 2 HSMP, CKE |
908-000162 | Luna SA 1700, Local PED Bundle (2 HSMP, CL, Local PED, 20 PED keys, Backup HSM) |
908-000163 | Luna SA 1700, Remote PED Bundle (2 HSMP, CL, Remote PED, 20 PED keys, Backup HSM) |
908-000071 | Luna SA 7000, PED-Auth, 2 HSMP, CL |
908-000090 | Luna SA 7000, PW-Auth, 2 HSMP, CL |
908-000094 | Luna SA 7000, Local PED Bundle (2 HSMP, CL, Local PED, 20 PED keys, Backup HSM) |
908-000095 | Luna SA 7000, Remote PED Bundle (2 HSMP, CL, Remote PED, 20 PED keys, Backup HSM) |
Luna PCIe HSM
End-of-Life Part Number | Description |
908-000143 | Luna PCI-E 1700, PW-Auth, CL |
908-000144 | Luna PCI-E 1700, PW-Auth, CKE |
908-000145 | Luna PCI-E 7000, PW-Auth, CL |
908-000147 | Luna PCI-E 1700, PED-Auth, CL |
908-000148 | Luna PCI-E 1700, PED-Auth, CKE |
908-000149 | Luna PCI-E 7000, PED-Auth, CL |
Luna Java HSM
End-of-Life Part Number | Description |
908-000218-001 | LUNA SP 7000 PED-AUTH,1 HSMP,CL,SW V3.0.1,FW6.2.1/6.21.0 |
908-000218-002 | LUNA SP 7000 PED-AUTH,1 HSMP,CL,SW V3.0.10,FW6.2.1/6.21.2 |
Luna 5 and 6 Accessories
Accessories supported only on Luna 5 and 6 PCIe and Network HSM will be shipped on a best effort basis. We cannot guarantee the availability of any of these accessories. There will be no restocking of the accessories after the depletion of current inventories. Please check for the availability with our supply chain by writing to the following email address:
DLOpsStock & LeadTime Requests New <DLOpsStock&LeadTimeRequestsNew@Thalesgroup.com>.
Luna 5 and 6 Licenses
It is not possible to place an order for additional licenses for your Luna 5 and 6 PCIe or Network HSMs.
Additional Information
For any other questions or concerns, please contact your Thales Representative.