CloudHSM Connectivity Details
This document provides all connectivity details for Securosys CloudHSM services. Choose the appropriate configuration based on your deployment environment (Sandbox/Testing vs. Production) and any specific requirements such as FIPS certification.
Overview
Securosys offers connectivity for three primary service lines:
- CloudHSM - HSMaaS: Hardware Security Module as a Service.
- CloudHSM - TSBaaS: REST API as a Service.
- CloudHSM - DKEaaS: Double Key Encryption as a Service.
Onboarding Information
Connectivity details specific to your CloudHSM service are provided during the onboarding process and included in your Welcome Support Ticket. Please refer to that ticket for any additional guidance.
Network Configuration Parameters
For all CloudHSM services, configure your API provider with the following TCP ports:
| TCP Port (JCE/JCA) | TCP Port (PKCS#11) | TCP Port (MS CNG) | TCP Port (REST API) | TCP Port (Partition Administration) |
|---|---|---|---|---|
*Configure Partition Administration only on the master device of a cluster.
Connectivity Details
- For HSMaaS, ensure you include both the master and all clone hostnames in your provider configuration for redundancy and failover.
- The RESTaaS is redundantly deployed and has automated failover within the HSM-Cluster.
| Cluster / Service | Environment | API - Master | API - Clones | REST API |
|---|---|---|---|---|
| ECO01 / ECO02 | Production (Switzerland) | ch01-api.cloudshsm.com | ch02-api.cloudshsm.com | rest-api.cloudshsm.com/v1/ |
| PLAXX | Platinum (International) | plaXX-api.cloudshsm.com | plaXX-api.cloudshsm.com | plaXX-rest-api.cloudshsm.com/v1/ |
| CCM01 | CC Certified, FIPS (Switzerland) | ch01-api.cloudshsm.com | ch02-api.cloudshsm.com | rest-api.cloudshsm.com/v1/ |
| CCMUS01 | CC Certified, FIPS (United States) | us01-api.cloudshsm.com | us02-api.cloudshsm.com | rest-api.cloudshsm.com/v1/ |
| ECOWR01 | Production (International) | de01-api.cloudshsm.com | ch01-api.cloudshsm.com us01-api.cloudshsm.com us02-api.cloudshsm.com sg01-api.cloudshsm.com | rest-api.cloudshsm.com/v1/ |
| ECODE01 | Production (Germany) | de01-api.cloudshsm.com | ch01-api.cloudshsm.com | rest-api.cloudshsm.com/v1/ |
| ECOUS01 | Production (United States) | us01-api.cloudshsm.com | us02-api.cloudshsm.com | rest-api.cloudshsm.com/v1/ |
| ECOSG01 | Production (Singapore) | sg01-api.cloudshsm.com | ch01-api.cloudshsm.com | rest-api.cloudshsm.com/v1/ |
| SBX01 | Sandbox / Testing | ch01-api.cloudshsm.com | ch02-api.cloudshsm.com us02-api.cloudshsm.com sg01-api.cloudshsm.com | sbx-rest-api.cloudshsm.com/v1/ |
CloudHSM - DKEaaS Connectivity Details
For CloudHSM Double Key Encryption as a Service (DKEaaS), use the following endpoints:
- KMS Endpoint: https://cockpit.securosys365.com/
- DKEaaS Apps Endpoints: Use the wildcard URL https://uuid.securosys365.com/ for DKEaaS applications.
Quick Summary
-
Environment Selection:
- Testing/Integration (Sandbox):
- Cluster: SBX01
- RESTaaS Endpoint: sbx-rest-api.cloudshsm.com/v1/
- Production:
- Switzerland: ECO01 and ECO02
- FIPS Compliance:
- Switzerland: CCM01
- United States: CCMUS01
- International: ECOWR01, ECODE01, ECOUS01, or ECOSG01
- RESTaaS Endpoint: rest-api.cloudshsm.com/v1/ for all production environments.
- Testing/Integration (Sandbox):
-
Redundancy & Failover:
- Always include both master and clone hostnames in your HSMaaS API provider configuration.
-
DKEaaS:
- KMS Endpoint: https://cockpit.securosys365.com/
- DKEaaS Apps Endpoints: https://uuid.securosys365.com/
-
Reference:
- For any uncertainties or environment-specific configurations, refer to your Welcome Support Ticket.
For further assistance or clarifications, please contact your support representative or refer to the onboarding documentation included in your Welcome Support Ticket.