Updated on 2024-12-19 GMT+08:00

Creating a Dedicated HSM Instance

When creating a Dedicated HSM instance, you need to specify the region and fill in your contact information.

The fee for a Dedicated HSM instance in platinum edition consists of the following two parts:

Prerequisites

You have obtained the login account (with the Ticket Administrator and KMS Administrator permissions) and password for logging in to the management console.

Constraints

  • You need to activate the instance before using it.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click on the left. Choose Security & Compliance > Data Encryption Workshop.
  4. In the navigation pane on the left, choose Dedicated HSM > Instances.
  5. Click Create Dedicated HSM in the upper right corner of the page.
  6. Billing Mode can only be set to Yearly/Monthly.

    Figure 1 Billing Mode

  7. Select a region and project.

    Figure 2 Selecting a region
    • Select the current region and the default project.
    • Only the default project is supported. User-defined projects cannot be created.

  8. Select an instance edition. For details, see Figure 3. Table 1 lists related parameters.

    Figure 3 Platinum edition
    Table 1 Edition parameters

    Parameter

    Description

    Service Edition

    Platinum edition

    Encryption Algorithm

    Algorithm supported by the HSM instance.

    • Symmetric algorithm: AES
    • Asymmetric algorithm: RSA, DSA, ECDSA, DE, and ECDH
    • Digest algorithm: SHA1, SHA256, SHA384

    Specifications

    Performance specifications supported by platinum edition, including:
    • Data communication protocol: TCP/IP (maximum number of concurrent connections: 2048)
    • RSA2048 signature computing performance: 1,500 TPS
    • RSA2048 signature verification computing performance: 25,000 TPS
    • ECDSA256 signature computing performance: 23,000 TPS
    • ECDSA256 signature verification computing performance: 9,000 TPS
    • DSA2048 signature computing performance: 2,800 TPS
    • DSA2048 signature verification computing performance: 3,000 TPS

    Certification

    FIPS 140-2 Level 3 certified

  9. Type the instance name.

    Figure 4 Setting an instance name

  10. The Enterprise Project parameter needs to be set only for enterprise users.

    If you are an enterprise user and have created an enterprise project, select the required enterprise project from the drop-down list. The default project is default.

    If there are no Enterprise Management options displayed, you do not need to configure it.

  11. Set the duration and number of Dedicated HSM instances to be purchased.

    1. Set the required duration.

      The required duration ranges from one month to one year.

    2. Set the Quantity.

      You can set the quantity as required.

      To ensure high service reliability, you need to purchase at least two Dedicated HSM instances. You can purchase a maximum of 20 Dedicated HSM instances.

      A single instance is only suitable for testing. If you want to purchase one for testing, contact our Huawei Cloud security experts.

  12. (Optional) Add tags to the dedicated HSM instance as needed, and enter the tag key and tag value.

    • To add tags for an instance, locate the instance, and click Tag in the Operation column. For details about other operations, see Tag Management.
    • An instance can have up to 20 tags.

  13. Confirm the configuration and click Next. For any doubt about the pricing, click Pricing details to understand more.
  14. On the Order Details page, confirm the order details, read and select I have read and agree to the Privacy Policy Statement.
  15. Click Pay Now. On the displayed page, select a payment method and pay.
  16. After successful payment, you can view the information about the HSM instance on the HSM instance list page.

    If the status of an HSM instance is Installing, it indicates that the instance is purchased successfully.