Creating a Dedicated HSM Instance

Prerequisites

You have obtained the login account (with the Ticket Administrator and KMS Administrator permissions) and password for logging in to the management console.

Constraints

• You need to activate the instance before using it.

Procedure

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. In the navigation on the left, choose > Security & Compliance > Data Encryption Workshop.
4. In the navigation pane on the left, choose Dedicated HSM > Instances.
5. Click Create Dedicated HSM in the upper right corner of the page.
6. Billing Mode can only be set to Yearly/Monthly.
   Figure 1 Billing Mode
   

7. Select a region and project.
   Figure 2 Selecting a region
   
   

   • Select the current region and the default project.
   • Only the default project is supported. User-defined projects cannot be created.

8. Select an instance edition. For details, see Figure 3. Table 1 lists related parameters.
   Figure 3 Platinum edition
   

   Table 1 Edition parameters

   Parameter	Description
   Service Edition	Platinum edition
   Encryption Algorithm	Algorithm supported by the HSM instance. Symmetric algorithm: AES Asymmetric algorithm: RSA, DSA, ECDSA, DE, and ECDH Digest algorithm: SHA1, SHA256, SHA384
   Specifications	Performance specifications supported by platinum edition, including: Data communication protocol: TCP/IP (maximum number of concurrent connections: 2048) RSA2048 signature computing performance: 1,500 TPS RSA2048 signature verification computing performance: 25,000 TPS ECDSA256 signature computing performance: 23,000 TPS ECDSA256 signature verification computing performance: 9,000 TPS DSA2048 signature computing performance: 2,800 TPS DSA2048 signature verification computing performance: 3,000 TPS
   Certification	FIPS 140-2 Level 3 certified

9. Type the instance name.
   Figure 4 Setting an instance name
   

10. The Enterprise Project parameter needs to be set only for enterprise users.

    If you are an enterprise user and have created an enterprise project, select the required enterprise project from the drop-down list. The default project is default.

    If there are no Enterprise Management options displayed, you do not need to configure it.

    

    • You can use enterprise projects to manage cloud resources and project members. For more information about enterprise projects, see What Is Enterprise Project Management Service?
    • For details about how to enable the enterprise project function, see Enabling the Enterprise Center.

11. Set the duration and number of Dedicated HSM instances to be purchased.
    1. Set the required duration.

       The required duration ranges from one month to one year.

    2. Set the Quantity.

       You can set the quantity as required.

       To ensure high service reliability, you need to purchase at least two Dedicated HSM instances. You can purchase a maximum of 20 Dedicated HSM instances.

       

       A single instance is only suitable for testing. If you want to purchase one for testing, contact our Huawei Cloud security experts.

12. (Optional) Add tags to the dedicated HSM instance as needed, and enter the tag key and tag value.
    

    • To add tags for an instance, locate the instance, and click Tag in the Operation column. For details about other operations, see Tag Management.
    • An instance can have up to 20 tags.

13. Confirm the configuration and click Next. For any doubt about the pricing, click Pricing details to understand more.
14. On the Order Details page, confirm the order details, read and select I have read and agree to the Privacy Policy Statement.
15. Click Pay Now. On the displayed page, select a payment method and pay.
16. After successful payment, you can view the information about the HSM instance on the HSM instance list page.

    If the status of an HSM instance is Installing, it indicates that the instance is purchased successfully.