Gemalto announces the End-of-Sale and End-of-Support dates for SafeNet Luna HSM 5.x/6.x and SafeNet Luna Java HSM 3.x. The last day to order the affected product(s) is February 28, 2020.
• Table 1 describes the end-of-life milestones, definitions, and dates for the affected products
• Table 2 lists the product part numbers affected by this announcement
• Customers with active and paid service and support contracts: support will be available until the End of Support date shown in Table 1
• Customers with Common Criteria, Brazil ITI and Singapore NITES certification requirements: please read through the Projects with Certification Requirements section to learn how the currently certified variants will remain available
EoS Milestones and Dates – Table 1
| Milestone | Date | Impact |
| External Announcement | 7-Sep-18 | SafeNet Luna HSM 5.x/6.x and SafeNet Luna Java HSM 3.x are officially replaced by SafeNet Luna HSM 7. |
| End-of-Sale | 28-Feb-20 | Final orders for affected SafeNet Luna HSMs must be received by this date. Full technical and RMA support will be provided. Security updates and software maintenance will be provided as needed. |
| End-of-Support | 1-Sep-22 | Technical support, RMA or equipment repairs, security updates, and software/firmware maintenance cease. |
Migration Path – SafeNet Luna HSM 5.x / 6.x
Option 1: SafeNet Luna HSM 7
SafeNet Luna HSM 5.x/6.x customers are encouraged to migrate to SafeNet Luna HSM 7. In addition to providing the same security features as SafeNet Luna HSM 5.x/6.x, SafeNet Luna HSM 7 offers:
• Fastest HSM on the market with over 20,000 ECC and 10,000 RSA operations/secon
• Lower latency for improved efficiency
• Common Client (7.2) – supporting multiple appliance versions
• Docker Container support
• Flexible Partition Policies
• Partition Policy Templates
• High quality keys through external Quantum RNG seeding
• Remote PED HSM initialization
• 4 x 1 Gigabit Ethernet ports with Port Bonding
• Enhanced Environmental Failure Protection against temperature, voltage, time, and radiation
• Sliding rails for ease of installation (optional) and Locking Bezels
• FIPS 140-2 Level 3 for both Password and PED-based HSMs
• Common Criteria (CC) EAL4+ (AVA_VAN.5 and ALC_FLR.2) against the Protection Profile (PP) 419221-5 is under evaluation
Migration Path – SafeNet Luna HSM 5x. / 6.x
Option 2: As a Service Model with SafeNet Data Protection on Demand
SafeNet Data Protection on Demand is a cloud-based platform that provides a wide range of on-demand HSM, key management and encryption services through a simple online marketplace. SafeNet Data Protection on Demand helps enterprises reduce infrastructure costs, easily manage security, and shorten time to market. Just click and deploy the data protection services/tiles you need, provision new tenants, and further services and get usage and audit reporting in minutes.
Highlights:
• Zero upfront investment
• Cloud agnostic
• Up and running in less than 5 minutes
• OpEx only usage-based billing
• SLA On Demand – 99.95% availability
• Automatic failover included
• Key backups are automatic
• Key and crypto operation metrics and reporting
• Elastic, automatic scaling
• Low total cost of ownership
Migration Path – SafeNet Luna Java HSM (3.x)
SafeNet Luna HSM 7 (Network HSM or PCIe HSM) is the recommended migration product for SafeNet Luna Java HSM (Luna SP).
Although it is not a one for one replacement, SafeNet Luna HSM 7 provides Java API support (JCA/JCE and JCprov). Additionally, future Functionality Module (FM) support (early 2019) will also allow secure custom code to be developed and executed within the secure confines of the HSM card. This combination allows for the development of Java applications with highly secure elements operating inside the hardware boundary of a HSM.
Any enterprise Java application code (which would have been run on the Tomcat application server of the Java HSM appliance), would in the future need to be run on a dedicated application server with either a PCIe card built in or an additional SafeNet Luna Network HSM, which perform the Java application related crypto functionality.
Affected Products: Table 2
The SafeNet HSM part numbers affected by this announcement are listed here in Table 2. Please note that not all revisions will be affected in order to satisfy Common Criteria, Brazil ITI and Singapore NITES certification requirements.
| SafeNet Luna/Network HSM End-of-Sale Part Number |
Description |
| 908-000157 | Luna SA 1700, PED-Auth, 2 HSMP, CL |
| 908-000158 | Luna SA 1700, PW-Auth, 2 HSMP, CL |
| 908-000159 | Luna SA 1700, PED-Auth, 2 HSMP (No Backup) |
| 908-000160 | Luna SA 1700, PW-Auth, 2 HSMP, CKE |
| 908-000161 | Luna SA 1700, PED-Auth, 2 HSMP, CKE |
| 908-000162 | Luna SA 1700, Local PED Bundle (2 HSMP, CL, Local PED, 20 PED keys, Backup HSM) |
| 908-000163 | Luna SA 1700, Remote PED Bundle (2 HSMP, CL, Remote PED, 20 PED keys, Backup HSM) |
| 908-000071 | Luna SA 7000, PED-Auth, 2 HSMP, CL |
| 908-000090 | Luna SA 7000, PW-Auth, 2 HSMP, CL |
| 908-000094 | Luna SA 7000, Local PED Bundle (2 HSMP, CL, Local PED, 20 PED keys, Backup HSM) |
| 908-000095 | Luna SA 7000, Remote PED Bundle (2 HSMP, CL, Remote PED, 20 PED keys, Backup HSM) |
| SafeNet Luna PCIe HSM End-of-Sale Part Number |
Description |
| 908-000143 | Luna PCI-E 1700, PW-Auth, CL |
| 908-000144 | Luna PCI-E 1700, PW-Auth, CKE |
| 908-000145 | Luna PCI-E 7000, PW-Auth, CL |
| 908-000147 | Luna PCI-E 1700, PED-Auth, CL |
| 908-000148 | Luna PCI-E 1700, PED-Auth, CKE |
| 908-000149 | Luna PCI-E 7000, PED-Auth, CL |
| SafeNet Luna Java HSM End-of-Sale Part Number |
Description |
| 908-000218-001 | LUNA SP 7000 PED-AUTH,1 HSMP,CL,SW V3.0.1,FW6.2.1/6.21.0 |
| 908-000218-002 | LUNA SP 7000 PED-AUTH,1 HSMP,CL,SW V3.0.10,FW6.2.1/6.21.2 |
Projects with Certification Requirements
Projects that require SafeNet Luna HSMs for specific certifications such as Common Criteria, Brazil ITI, Singapore NITES, etc., not available on newer SafeNet Luna HSM releases will remain active and will be exempt from the published End of Sale/ End of Support timelines. Once the certification of newer SafeNet Luna HSM versions has been completed, a transition plan and timeline will be announced, ensuring sufficient time to plan your migrations.
Should you have a project with specific certification requirements, please contact your Gemalto Sales Representative for additional details.
Additional Information
For any other questions or concerns please contact your Gemalto Representative.
