Skip to main content

Sandbox (SBX)

The Sandbox (SBX) offers a dedicated environment for seamless integration and testing with CloudHSM. It mirrors the user space of the ECO service, featuring dual HSM synchronization but without performance guarantees. The debug mode provides detailed device log access for both users and Securosys Support, facilitating efficient troubleshooting. The SBX is perfect for preparing any Primus HSM or CloudHSM integration and receives HSM firmware updates first, enabling both ECO and PLATINUM users to conduct pre-tests before general rollouts.

note

The Sandbox (SBX) is designed exclusively for integration and testing purposes. It offers a secure and controlled environment where developers and subscribers can experiment with new features, configurations, and workflows without affecting production systems. Sandbox is not intended for productive use; it is strictly for non-productive usage, operating with a simplified segregation of duties.

Service Description

This service provides access to Securosys Cloud HSM Service partitions with the following attributes:

AttributeDescription
Client ConnectionsNot limited
Storage Capacity10MB (up to 200 RSA-4096 asymmetric key pairs, 5MB reserved for user audit logs). Additional Storage Capacity is available in increments of 100 MB
PerformanceBest Effort
Key GenerationBest Effort
Cryptographic APIsPKCS#11, Java (JCA/JCE), Microsoft CNG or REST
Supported FunctionsSee the Supported Algorithms and Functions list
Operational Modenon-FIPS

Service Options

In addition to the service description provided above, the following table outlines the available options and indicates whether they are currently enabled, disabled, or can be optionally selected:

OptionAvailability
Attestation and Partition AuditEnabled
Partition AdministrationOption. Requires purchase or rent of Decanus Terminal
Smart Key AttributesOption
Transaction Security Broker (TSB)Option
Crypto CurrenciesOption
Post-Quantum Cryptographic AlgorithmsEnabled
Timestamp Service (RFC3161 compliant)Option

Regions

SBX is accessible through either a Regional Swiss or US cluster, ensuring optimal reach and performance tailored to specific geographic needs. This distribution is detailed in the table below.

Service PackageData Center locationsActive DCBusiness Continuity DC
Sandbox (SBX), SwitzerlandSwitzerlandCH01, CH02-
Sandbox (SBX), USAUSA, SwitzerlandUS01, US02-

Partition Policy Settings

The following tables provide an overview of all partition policy settings, indicating whether they are enabled, disabled, or available for selection by the customer upon ordering and wether they can be modified afterwards.

API Settings

API ActivationAvailability
PKCS#11Selectable upon ordering
Java (JCA/JCE)Selectable upon ordering
Microsoft CNGSelectable upon ordering
RESTSelectable upon ordering
Client API AccessEnabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration to take partition completely offline.

Partition Settings

PolicyAvailability
Key ImportSelectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Key ExportSelectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Key InvalidationSelectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Partition R/ODisabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Session ObjectsEnabled
Object DestructionSelectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Object UsageEnabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration.

Service Management

The CloudHSM SBX partition offers versatile management options to make changes to the partition policy setting. Users can utilize the Decanus Terminal via Partition Administration or submit change requests on the Support Portal.