Thales Luna Network HSM
Thales Luna Network HSM is a hardware security module with a very high level of flexibility. Extensive features and a large number of available options make it the flagship device in Thales’ portfolio of general-purpose HSM modules. The presented variety is a network appliance, allowing to serve, in the highest performance version, a very large number of clients. For the most demanding solutions, it is also possible to use multiple devices working in parallel. For applications dedicated to a single server, Luna is also available as a PCI Express card.
Security
The HSM has been certified according to FIPS 140-2 methodology to level 3 and according to CommonCriteria to level EAL4+. The module can also be used for trust services as defined in the European eIDAS (Electronic Identification and Trust Services Regulation) A distinctive element of the design is the possibility of using partitions, i.e. isolated spaces for storing cryptographic keys, intended for different applications. This gives an additional layer of protection to the cryptographic material. The HSM is equipped with mechanisms that are obvious in this class of devices, such as multi-component authentication with key partitioning and extensive operation recording. Convenient and advanced monitoring of device operation is also possible, as well as fully remote management.
Datasheet
Performance
The current generation of Luna devices, designated as Luna 7, is available in three versions that have different capabilities. The detailed differences can be seen in the table below. The wide range of device performance allows you to choose the right solution for each application
Performance is measured in transactions/signatures per second (TPS)
| Performance | RSA | ECC |
|---|---|---|
| model 700 Standard Performance Memory: 2MB Maximum Partitions: 5 | 1000 - 2048 bit | 2000 - 256 bit |
| model 750 Enterprise Performance Memory: 16MB Maximum Partitions: 20 | 5000 - 2048 bit | 10000 - 256 bit |
| model 790 Maximum Performance Memory: 32MB Maximum Partitions: 100 | 10000 - 2048 bit | 20000 - 256 bit |
Note: performance may depend on the operating system, applications and other factors
| Supported cryptographic algorithms | |
|---|---|
| Symmetric algorithms | AES, AES-GCM, Triple DES, DES, ARIA, SEED, RCS, RC4, RC5, CAST |
| Asymmetric algorithms | RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES) |
| HASH algorithms | SHA-1, SHA-2, SHA-3, SM2, SM3, SM4 |
| Technical specification | |
|---|---|
| Physical characteristics | 482,6mm x 533,4mm x 43,8mm Energy consuption: 110W max, 84W typical |
| Supported OS* | Windows, Linux, Solaris, AIX Virtual: VMware, Hyper-V, Xen, KVM |
| API | PKCS#11 Microsoft CAPI and CNG Java JCA/JCE OpenSSL REST API for administration |