Dynamic Partitioning on Data Protection on Demand (DPoD)

Dynamic Partitioning is a new feature that allows Thales Luna Cloud HSMs to connect across multiple tenant accounts. The Thales Luna Cloud HSM client can now connect to multiple Luna Cloud Services at the same time, including services from different DPoD tenants, giving customers and service providers more flexibility when accessing DPoD partitions.

Dynamic Partitioning offers the following benefits:

  • Access to all Luna Cloud HSM services from a single centralized location, which allows for centralized backup or key management operations for your teams
    Many of our customers have centralized key management teams who are responsible for the creation, management and archival of keys. The updates to the Luna client allow those teams to connect to all services an organization may have deployed and carry out key management activities from a single location.
  • Securely share key material between tenants
    Connecting multiple services to a single client allows key material to be cloned between Luna Cloud HSM services that have been configured with the same cloning domain. This permits the exchange of keys without needing to use other key exchange concepts such as key wrapping.
  • Service Providers can connect to multiple end-user tenants with a single client
    Many Service Providers have customers, each with one or more DPoD tenant accounts. This new feature allows a Service Provider to dynamically configure a Luna Cloud HSM client to access a customer’s service.

With the new Dynamic Partitioning, please rest assured that the credentials to access the partition remain owned by the customer tenant and can be revoked at any time. Only the customer tenant has access to the audit logs from the service; the service provider or a third party does not.