Sandbox (SBX)
The Sandbox (SBX) offers a specific environment for seamless integration and testing with CloudHSM. It offers an equivalent user space to the ECO service, featuring dual HSM synchronization but without performance guarantees. It provides detailed device log access for both users and Securosys Support, facilitating efficient troubleshooting. The SBX is perfect for preparing any Primus HSM or CloudHSM integration and receives HSM firmware updates first, enabling both ECO and PLATINUM users to conduct pre-tests before general rollouts.
The Sandbox (SBX) is designed exclusively for integration and testing purposes. It offers a secure and controlled environment where developers and subscribers can experiment with new features, configurations, and workflows without affecting production systems. Sandbox is not intended for productive use; it is strictly for non-productive usage, operating with a simplified segregation of duties.
Service Description
This service provides access to Securosys Cloud HSM Service partitions with the following attributes:
| Attribute | Description |
|---|---|
| Client Connections | Not limited |
| Storage Capacity | 10MB (up to 200 RSA-4096 asymmetric key pairs, 5MB reserved for user audit logs). Additional Storage Capacity is available in increments of 100 MB |
| Performance | Best Effort |
| Key Generation | Best Effort |
| Cryptographic APIs | PKCS#11, Java (JCA/JCE), Microsoft CNG or REST |
| Supported Functions | See the Supported Algorithms and Functions list |
| Operational Mode | non-FIPS |
Service Options
In addition to the service description provided above, the following table outlines the available options and indicates whether they are currently enabled, disabled, or can be optionally selected:
| Option | Availability |
|---|---|
| Attestation and Partition Audit | Enabled |
| Partition Administration | Option. Requires purchase or rent of Decanus Terminal |
| Smart Key Attributes | Enabled |
| Transaction Security Broker (TSB) | Enabled |
| Crypto Currencies | Enabled |
| Post-Quantum Cryptographic Algorithms | Enabled |
| Timestamp Service (RFC3161 compliant) | Enabled |
Regions
SBX is accessible through either a Regional Swiss (expanding soon to a global) cluster, ensuring optimal reach and performance tailored to specific geographic needs. This distribution is detailed in the table below.
| Service Package | Data Center locations | Active DC | Business Continuity DC |
|---|---|---|---|
| Sandbox (SBX), Switzerland | Switzerland, USA, Singapore | CH01, CH02 (launched soon: US02, SG01) | - |
Partition Policy Settings
The following tables provide an overview of all partition policy settings, indicating whether they are enabled, disabled, or available for selection by the customer upon ordering and wether they can be modified afterwards.
API Settings
| API Activation | Availability |
|---|---|
| PKCS#11 | Selectable upon ordering |
| Java (JCA/JCE) | Included; can be enabled/disabled upon ordering |
| Microsoft CNG | Included; can be enabled/disabled upon ordering |
| REST | Included; can be enabled/disabled upon ordering |
| Client API Access | Enabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration to take partition completely offline. |
Partition Settings
| Policy | Availability |
|---|---|
| Key Import | Selectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration. |
| Key Export | Selectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration. |
| Key Invalidation | Selectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration. |
| Partition R/O | Disabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration. |
| Session Objects | Enabled |
| Object Destruction | Selectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration. |
| Object Usage | Enabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration. |
Service Management
The CloudHSM SBX partition offers versatile management options to make changes to the partition policy setting. Users can utilize the Decanus Terminal via Partition Administration or submit change requests on the Support Portal.