Luna SA – Network-Attached HSM

Award-Winning Hardware Security Module

Luna SA is designed with the security of your cryptographic keys in mind, and is the choice for enterprises requiring strong security for cryptographic keys. As a general purpose hardware security module (HSM), Luna SA can be easily integrated into a wide range of applications to accelerate cryptographic operations, secure the crypto key lifecycle, and acts a root of trust for your entire encryption infrastructure.

Approach to Key Security: Keys in Hardware

Luna SA is the most trusted general purpose HSM on the market in part because of our unique approach to protecting cryptographic keys. Unlike other methods of key storage which move keys outside of the HSM into a “trusted layer,” the keys-in-hardware approach protects the entire key lifecycle within the FIPS 140-2 validated confines of the Luna SA HSM appliance. This method ensures that your keys always benefit from both physical and logical protections of the Luna SA.

Scalable Security for Virtual and Cloud Environments

Luna SA can be separated into twenty cryptographically isolated partitions, with each partition acting as if it was an independent HSM. This provides a tremendous amount of scalability and flexibility, as a single HSM can act as the root of trust that protects the cryptographic key lifecycle of twenty dependent applications. What’s more, Luna SA partitions are designed to protect key material from other tenants on the appliance, meaning different lines of business, or customers in the case of service provides, can leverage the same appliance without fear of losing their keys to another tenants.

Available in Two Performance Models

Luna SA is available in two performance models; Luna 7000 and Luna SA 1700. Luna SA 7000 is a high performance HSM capable of best in class performance across a breadth of algorithms including ECC, RSA, and symmetric transactions. Luna SA 7000 also features a dual, hot-swappable power supply that ensures consistent performance and no down-time. The Luna 1700 variant includes a single power supply, and is capable of 1700 RSA 1024-bit transactions per second.

Sample Applications

  • PKI key generation & key
  • Storage (online CA keys & offline CA keys)
  • Certificate validation & signing
  • Document signing
  • Transaction processing
  • Database encryption
  • Smart card issuance

Security at a Glance

  • FIPS 140-2 (available in Level 2 and 3) validated
  • Common Criteria EAL 4+ certified cryptographic module
  • Keys in hardware
  • Remote management
  • Secure transport mode for high-assurance delivery
  • Multi-level access control
  • Multi-part splits for all access control keys
  • Intrusion-resistant, tamper-evident hardware
  • Secure Audit Logging
  • Strongest cryptographic algorithms
  • Suite B algorithm support
  • Secure decommission

Features

  • Dual Hot Swap Power Supplies
  • Multi-level access control
  • Intrusion-resistant, tamper-evident hardware
  • Field Serviceable Components
  • Software upgradable
  • Up to 100 clients
  • Multiple Roles for Administration
  • Strong Separation of Duties
  • Partitioning and strong cryptographic separation
  • Load Balancing and Scalability
  • Host Trust Links – secure binding of client to HSM in Virtual Cloud Environment

Additional Information

Operating System Support
OS SupportWindows, Linux, Solaris, AIX, HP-UX
Virtual: VMware, Hyper-V, Xen
Cryptographic Support
CryptographyFull Suite B support
Asymmetric: RSA (1024-8192), DSA (1024-3072), Diffie-Hellman, KCDSA, Elliptic Curve Cryptography (ECDSA, ECDH, ECIES) with named, user-defined and Brainpool curves
Symmetric: AES, RC2, RC4, RC5, CAST, DES, Triple DES, ARIA, SEED
Hash/Message Digest/HMAC: SHA-1, SHA-2 (224-512), SSL3-MD5-MAC, SSL3-SHA-1-MAC
Random Number Generation: FIPS 140-2 approved DRBG (SP 800-90 CTR mode)
Crytographic APIsPKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
Physical Characteristics
Rack MountableStandard 19" EIA rack mount chassis (1U height)
Dimensions19" x 21" x 1.725" (482.6mm x 533.4mm x 43.815mm)
Weight28lb (12.7kg)
Input Voltage100-240V, 50-60Hz
Power Consumption180W maximum, 155W typical
TemperatureOperating 0°C to 40°C
Relative Humidity5% to 95% (38°C) non-condensing
Hardware Redundancy2 redundant/hot-swappable power supplies
Security Certifications
CertificationsFIPS 140-2 Level 2 and Level 3
Common Criteria EAL4+
BAC & EAC ePassport Support
Safety and Environmental Compliance
ComplianceUL, CSA, CE
FCC, KC Mark, VCCI, CE
RoHS, WEEE
Management, Logging, and Monitoring
ManagementM of N support for division of command
LoggingSyslog
MonitoringSNMPv3
AlgorithmLuna SA 1700 ModelLuna SA 7000 Model
RSA-10241,7007,000
RSA-20483501,200
ECC P2565002,000
ECIES200300
AES-GCM37003700

Documents

Software

Not Available

Related Products