Updated on 2022-11-09 GMT+08:00

Operation Guide

Restrictions

  • Dedicated HSM instances must be used together with VPC. After a Dedicated HSM instance is purchased, you need to configure its VPC, security group, and NIC on the management console before using it.
  • For security purposes, Dedicated HSM instances do not provide services for the public network. To manage the instances, deploy their management tool in their VPC.

Operation Guide

To use Dedicated HSM on the cloud, you can purchase Dedicated HSM instances through the management console. After a Dedicated HSM instance is purchased, you will receive the UKey sent by Dedicated HSM. You need to use the UKey to initialize and control the instance. You can use the management tool to authorize service applications the permission to access Dedicated HSM instances. Figure 1 illustrates the operation flow.

Figure 1 Operation Guide

Table 1 describes the operation guide.

Table 1 Operation guide descriptions

No.

Procedure

Description

Operated By

1

Create a Dedicated HSM instance.

Create an instance on the Dedicated HSM management console. Huawei Cloud security team will evaluate your use scenarios to ensure that the instance meets your service requirements. Then you can pay for the ordered instance.

User

2

Activate a Dedicated HSM instance.

After an instance is purchased, you need to configure the instance on the management console. You need to select the VPC where the instance belongs and the function type of the instance. For details, see Activating a Dedicated HSM Instance.

User

3

Allocate a Dedicated HSM instance.

A purchased instance will be allocated to the user.

A security expert will contact you through the contact information you provided and determine whether the instance ordered meets your service requirements. The instance will be allocated after the expert reviews and confirms your order.

Dedicated HSM security expert

4

Provide the UKey, initialization guide, and software.

  • A security expert sends the Ukey to the email address you provided.

    A UKey is the only identifier of a Dedicated HSM user. Keep it properly.

  • A security expert will provide you with the software and guide for initializing Dedicated HSM instances.

    If you have any questions, contact the expert.

Dedicated HSM security expert

5

Initialize and manage instances (involving UKey authentication).

  1. Install the tool for managing Dedicated HSM instances on the instance management node.
  2. Use the UKey and the management tool to initialize the Dedicated HSM instance, and register an administrator to manage the Dedicated HSM instance and the key.

For details, see Initializing a Dedicated HSM Instance.

User

6

Install the security agent and granting access permissions.

Install and initialize the security agent on service application nodes.

For details, see Installing the Security Agent and Granting Access Permissions.

User

7

Access the instance.

Service applications access the Dedicated HSM instances through APIs or SDK.

User