Skip to main content

Sandbox (SBX)

The CloudHSM Sandbox (SBX) service offers a specific environment for seamless integration and testing with CloudHSM. It offers an equivalent user space to CloudHSM Economy, featuring dual HSM synchronization but without performance guarantees.

It provides detailed device log access for both users and Securosys Support, facilitating efficient troubleshooting. CloudHSM Sandbox is perfect for preparing any Primus HSM or CloudHSM integration and receives HSM firmware updates first, enabling both Economy and Platinum users to conduct pre-tests before general rollouts.

warning
  • CloudHSM Sandbox (SBX) is designed exclusively for integration and testing purposes. It offers a secure and controlled environment where developers and subscribers can experiment with new features, configurations, and workflows without affecting production systems.
  • CloudHSM Sandbox (SBX) is not intended for productive use; it is strictly for non-productive usage, operating with a simplified segregation of duties.

Service Description

This service provides access to Securosys Cloud HSM Service partitions with the following attributes:

AttributeDescription
Client ConnectionsNot limited
Storage Capacity10MB (up to 200 RSA-4096 asymmetric key pairs, 5MB reserved for user audit logs). Additional Storage Capacity is available in increments of 100 MB
PerformanceBest Effort
Key GenerationBest Effort
Cryptographic APIsPKCS#11, Java (JCA/JCE), Microsoft CNG or REST
Supported FunctionsSee the Supported Algorithms and Functions list
Operational Modenon-FIPS

Service Options

In addition to the service description provided above, the following table outlines the available options and indicates whether they are currently enabled, disabled, or can be optionally selected:

OptionAvailability
Attestation and Partition AuditEnabled
Partition AdministrationOption. Requires purchase or rent of Decanus Terminal
Smart Key Attributes (SKA)Enabled
Transaction Security Broker (TSB)Enabled
CryptocurrenciesEnabled
Post-Quantum Cryptographic AlgorithmsEnabled
Timestamp Service (RFC3161 compliant)Enabled

Regions

SBX is accessible through either a Regional Swiss (expanding soon to a global) cluster, ensuring optimal reach and performance tailored to specific geographic needs. This distribution is detailed in the table below.

Service PackageData Center locationsActive DCBusiness Continuity DC
Sandbox (SBX), SwitzerlandSwitzerland, USA, SingaporeCH01, CH02 (launched soon: US02, SG01)-

Partition Policy Settings

The following tables provide an overview of all partition policy settings, indicating whether they are enabled, disabled, or available for selection by the customer upon ordering and wether they can be modified afterwards.

API Settings

API ActivationAvailability
PKCS#11Selectable upon ordering
Java (JCA/JCE)Included; can be enabled/disabled upon ordering
Microsoft CNGIncluded; can be enabled/disabled upon ordering
RESTIncluded; can be enabled/disabled upon ordering
Client API AccessEnabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration to take partition completely offline.

Partition Settings

PolicyAvailability
Key ImportSelectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Key ExportSelectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Key InvalidationSelectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Partition R/ODisabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Session ObjectsEnabled
Object DestructionSelectable upon ordering. Modifiable via Support Portal or Decanus Terminal via Partition Administration.
Object UsageEnabled. Modifiable via Support Portal or Decanus Terminal via Partition Administration.

Service Management

The CloudHSM SBX partition offers versatile management options to make changes to the partition policy setting. Users can utilize the Decanus Terminal via Partition Administration or submit change requests on the Support Portal.