Thales is excited to announce a new deployment model for Luna Network HSMs to improve security workflows and operational efficiency while ensuring high availability, scalability, and structured access controls for cryptographic keys.
Clustering and key rings give Luna HSM customers deployment model flexibility, enabling them to meet the needs of modern HSM use cases while expanding the choice of deployment options available. This complements existing Luna HSM models, such as scalable key storage (SKS) and secure partitions, and gives customers an additional deployment model to cater to a diverse range of performance, scalability, and isolation requirements.
Customers with large-scale deployments – such as transaction processing, authentication services, or remote digital signing – benefit from clustering through high availability, load balancing, and scalability. Key rings enable logical separation and access control, making them well suited for multi-tenant environments and cloud services. They also benefit customers managing multiple applications or business units within a shared HSM infrastructure, particularly in environments that require several key containers, each with its own access control measures.
Luna HSM Secure Architecture Deployment Models | Main Benefits | Ideal Use Cases |
---|---|---|
New: Clustering and Key Rings | – High availability & fault tolerance – Scalability & load balancing (scale to very large key volumes to meet enterprise needs) – Logical key separation with key rings – Multi-tenant logical isolation with dedicated key spaces ensures data separation and compliance | – Large-scale deployment (large number of use cases or users) – Eliminates single points of failure for mission-critical workloads – Multi-application deployments – Multi-tenant SaaS platforms requiring strict key segregation |
Secure Partitions (Default Keys in Hardware) | – Strong isolation per partition (isolate keys and workloads across tenants or applications) – Default keys in hardware enable immediate use of crypto operations – Reduces the complexity of key provisioning and helps meet compliance with hardware-enforced key protection – Best cryptographic performance | – Regulated industries (e.g., finance, healthcare, government) – Compliance-driven deployments with strict access and audit controls – Customers who need secure, rapid deployment with pre-configured partitions |
Scalable Key Storage (SKS) | – Scales with growing data and workloads – Allows unlimited key storage for customer applications requiring a greater number of keys than the HSM can physically store – Integrates with cloud KMS APIs | – Very large-scale deployment (e.g., digital ID wallet with millions of keys) – Cloud-first or hybrid environments – SaaS platforms managing large key volumes – Applications needing rapid provisioning or key lifecycle management |
Additional Benefits of Clustering and Key Rings
- Simplifying the introduction of new use cases and customers maximizes the value of an HSM fleet, allowing it to serve a wider range of use cases and accommodate more customers efficiently.
- Streamlining key material backup enhances disaster recovery plan implementation and ensures high availability of crypto assets, as clustering and key rings simplify the setup, backup, and recovery processes while enabling automated management for various use cases.
- Optimize governance by enabling customers to organize and isolate cryptographic keys across environments, facilitating the management of a high volume of keys, and ensuring strict separation for regulatory compliance.
- Quickly scale availability clusters up and down for easy adaptation of crypto infrastructure to meet operational needs, making it ideal for customers with demanding performance or uptime requirements.
- Ease client registration to a cluster, supporting adaptation without disrupting business clients.
- Key migration and flexibility, enabling secure migration of keys from an HSM partition to a key ring.
Release Notes and Downloads:
- Customer Release Notes
- Cluster Administration Guide
- Managing Key Rings Documentation
- Software package download available on the Thales Customer Support Portal (Knowledge Base article: KB0029562)
Note: Customers will need to download the latest Luna Appliance Software 7.9.0 with the lnh_cluster-1.0.5 package to use clusters and key rings on their Luna Network HSM.