Help Center/ Data Encryption Workshop/ User Guide/ Dedicated HSM/ Operation Guide
Updated on 2024-09-29 GMT+08:00
View PDF

Operation Guide

Restrictions

  • Dedicated HSM instances must be used together with VPC. After a Dedicated HSM instance is created, you need to configure its VPC, security group, and NIC on the management console before using it.
  • To manage Dedicated HSM instances, you need to deploy the Dedicated HSM management tool in the same VPC as the instances.

Operation Guide

To use Dedicated HSM on the cloud, you can create Dedicated HSM instances through the management console. After a Dedicated HSM instance is created, you will receive the UKey sent by Dedicated HSM. You need to use the UKey to initialize and control the instance. You can use the management tool to authorize service applications the permission to access Dedicated HSM instances. Figure 1 illustrates the operation flow.

Figure 1 Operation Guide

Table 1 describes the operation guide.

Table 1 Operation guide descriptions

No.

Procedure

Description

Operated By

1

Create a Dedicated HSM instance.

Create an instance on the Dedicated HSM management console. Huawei Cloud security team will evaluate your use scenarios to ensure that the instance meets your service requirements. Then you can pay for the ordered instance.

User

2

Activate a Dedicated HSM instance.

After an instance is purchased, you need to configure the instance on the management console. You need to select the VPC where the instance belongs and the function type of the instance. For details, see Activating a Dedicated HSM Instance.

User

3

Allocate a Dedicated HSM instance.

A security expert will contact you through the contact information you provided and determine whether the instance ordered meets your service requirements. The instance will be allocated after the expert reviews and confirms your order.

Dedicated HSM security expert

4

Obtain the UKey, initialization documents, and software.
  • A security expert sends the Ukey to the email address you provided.

    A UKey is the only identifier of a Dedicated HSM user. Keep it properly.

  • A security expert will provide you with the software and guide for initializing Dedicated HSM instances.

    If you have any questions, contact the expert.

    NOTE:

    You can submit a Service Ticket to provide the UKey recipient address and contact security experts for guidance.

Dedicated HSM security expert

5

Initialize and manage instances (involving UKey authentication).
  1. Install the tool for managing Dedicated HSM instances on the instance management node.
  2. Use the UKey and the management tool to initialize the Dedicated HSM instance, and register an administrator to manage the Dedicated HSM instance and the key.

For details, see Initializing a Dedicated HSM Instance.

User

6

Install the security agent and granting access permissions.

Install and initialize the security agent on service application nodes.

For details, see Installing the Security Agent and Granting Access Permissions.

User

7

Access the instance.

Service applications access the Dedicated HSM instances through APIs or SDK.

User
Parent topic: Dedicated HSM