Thales Luna Network HSM

Thales Luna Network HSM is a hardware security module with a very high level of flexibility. Extensive features and a large number of available options make it the flagship device in Thales’ portfolio of general-purpose HSM modules. The presented variety is a network appliance, allowing to serve, in the highest performance version, a very large number of clients. For the most demanding solutions, it is also possible to use multiple devices working in parallel. For applications dedicated to a single server, Luna is also available as a PCI Express card.

Security

The HSM has been certified according to FIPS 140-2 methodology to level 3 and according to CommonCriteria to level EAL4+. The module can also be used for trust services as defined in the European eIDAS (Electronic Identification and Trust Services Regulation) A distinctive element of the design is the possibility of using partitions, i.e. isolated spaces for storing cryptographic keys, intended for different applications. This gives an additional layer of protection to the cryptographic material. The HSM is equipped with mechanisms that are obvious in this class of devices, such as multi-component authentication with key partitioning and extensive operation recording. Convenient and advanced monitoring of device operation is also possible, as well as fully remote management.

Datasheet

Performance

The current generation of Luna devices, designated as Luna 7, is available in three versions that have different capabilities. The detailed differences can be seen in the table below. The wide range of device performance allows you to choose the right solution for each application

Performance is measured in transactions/signatures per second (TPS)

PerformanceRSAECC
model 700 Standard Performance
Memory: 2MB
Maximum Partitions: 5
1000 - 2048 bit

2000 - 256 bit
model 750 Enterprise Performance
Memory: 16MB
Maximum Partitions: 20
5000 - 2048 bit

10000 - 256 bit
model 790 Maximum Performance
Memory: 32MB
Maximum Partitions: 100
10000 - 2048 bit

20000 - 256 bit
Note: performance may depend on the operating system, applications and other factors
Supported cryptographic algorithms
Symmetric algorithmsAES, AES-GCM, Triple DES, DES, ARIA, SEED, RCS, RC4, RC5, CAST
Asymmetric algorithmsRSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES)
HASH algorithmsSHA-1, SHA-2, SHA-3, SM2, SM3, SM4
Technical specification
Physical characteristics482,6mm x 533,4mm x 43,8mm
Energy consuption: 110W max, 84W typical
Supported OS*Windows, Linux, Solaris, AIX
Virtual: VMware, Hyper-V, Xen, KVM
APIPKCS#11
Microsoft CAPI and CNG
Java JCA/JCE
OpenSSL
REST API for administration
* Contact us in order to obtain detailed information regarding support for a specific OS version