- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Key Management Service
- Cloud Secret Management Service
- Key Pair Service
- Dedicated HSM
- Auditing Logs
- Permission Control
- Best Practices
-
API Reference
- Before You Start
- Calling APIs
- API Overview
- APIs
- Application Examples
- Permissions Policies and Supported Actions
- Appendix
- Change History
- SDK Reference
-
FAQs
-
KMS Related
- What Is Key Management Service?
- What Is a Customer Master Key?
- What Is a Default Key?
- What Are the Differences Between a Custom Key and a Default Key?
- What Is a Data Encryption Key?
- Why Cannot I Delete a CMK Immediately?
- Which Cloud Services Can Use KMS for Encryption?
- How Do Huawei Cloud Services Use KMS to Encrypt Data?
- What Are the Benefits of Envelope Encryption?
- Is There a Limit on the Number of Custom Keys That I Can Create on KMS?
- Can I Export a CMK from KMS?
- Can I Decrypt My Data if I Permanently Delete My Custom Key?
- How Do I Use the Online Tool to Encrypt or Decrypt Small Volumes of Data?
- Can I Update CMKs Created by KMS-Generated Key Materials?
- How Are Default Keys Generated?
- What Should I Do If I Do Not Have the Permissions to Perform Operations on KMS?
- Why Can't I Wrap Asymmetric Keys by Using -id-aes256-wrap-pad in OpenSSL?
- Key Algorithms Supported by KMS
- What Should I Do If KMS Failed to Be Requested and Error Code 401 Is Displayed?
- CSMS Related
-
KPS Related
- How Do I Create a Key Pair?
- What Are a Private Key Pair and an Account Key Pair?
- How Do I Handle an Import Failure of a Key Pair Created Using PuTTYgen?
- What Should I Do When I Fail to Import a Key Pair Using Internet Explorer 9?
- How Do I Log In to a Linux ECS with a Private Key?
- How Do I Use a Private Key to Obtain the Password to Log In to a Windows ECS?
- How Do I Handle the Failure in Binding a Key Pair?
- How Do I Handle the Failure in Replacing a Key Pair?
- How Do I Handle the Failure in Resetting a Key Pair?
- How Do I Handle the Failure in Unbinding a Key Pair?
- Do I Need to Restart Servers After Replacing Its Key Pair?
- How Do I Enable the Password Login Mode for an ECS?
- How Do I Handle the Failure in Logging In to ECS After Unbinding the Key Pair?
- What Should I Do If My Private Key Is Lost?
- How Do I Convert the Format of a Private Key File?
- Can I Change the Key Pair of a Server?
- Can a Key Pair Be Shared by Multiple Users?
- How Do I Obtain the Public or Private Key File of a Key Pair?
-
Dedicated HSM Related
- What Is Dedicated HSM?
- How Does Dedicated HSM Ensure the Security for Key Generation?
- Do Equipment Room Personnel Has the Super Administrator Role to Steal Information by Using a Privileged UKey?
- What HSMs Are Used for Dedicated HSM?
- What APIs Does Dedicated HSM Support?
- How Do I Enable Public Access to a Dedicated HSM Instance?
- Pricing
- General
- Change History
-
KMS Related
- Videos
Show all
Creating a Dedicated HSM Instance
When creating a Dedicated HSM instance, you need to specify the region and fill in your contact information.
- Initial installation fee, charged when you create a Dedicated HSM instance.
- Yearly/Monthly fee, charged when Activating a Dedicated HSM Instance.
Prerequisites
You have obtained the login account (with the Ticket Administrator and KMS Administrator permissions) and password for logging in to the management console.
Constraints
- When purchasing a Dedicated HSM instance, you need to submit a service ticket to set the UKey recipient information. Only the accounts with the Ticket Administrator permission can submit service tickets.
- After you created an instance, a UKey will be sent to the address in your contact information. Then you can use the UKey to initialize and authorize your service applications to access the instance.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
. ChooseSecurity > Data Encryption Workshop.
- In the navigation pane on the left, choose Dedicated HSM > Instances.
- Click Create Dedicated HSM in the upper right corner of the page.
- Billing Mode can only be set to Yearly/Monthly.
Figure 1 Billing Mode
- Select a region and project.
Figure 2 Selecting a region
NOTE:
- Select the current region and the default project.
- Only the default project is supported. User-defined projects cannot be created.
- Select the service edition for the instance. See Figure 3 for details. Table 1 lists related parameters.
Table 1 Edition parameters Parameter
Description
Service Edition
Platinum edition (outside Chinese mainland)
Encryption Algorithm
Algorithm supported by the HSM instance.
- Symmetric algorithm: AES
- Asymmetric algorithm: RSA, DSA, ECDSA, DE, and ECDH
- Digest algorithm: SHA1, SHA256, SHA384
Certification
FIPS 140-2 Level 3 certified
- Choose Service Tickets > Create Service Ticket. Our Huawei Cloud experts will contact you and provide a customized purchase plan and its quote.
- In the Case Severity drop-down list, select General guidance.
- In the Problem Description text box, enter Dedicated HSM Contact Information.
- Contact Information: Enter the phone number and email address to receive the progress information of the service ticket.
NOTICE:
Ensure that the contact information provided in the Confidential Information text box is valid so that our security experts can contact you in a timely manner.
Figure 4 Creating a service ticket - Click Submit. The service ticket is displayed on the My Service Tickets page.
NOTE:
After the service ticket is created successfully, you can click View Details in the Operation column to view details. You can remind the support team of a service ticket, leave your messages, cancel a service ticket, or closed a service ticket based on service ticket statuses.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.