Thales Luna Network Hardware Security Modules (HSMs)

Thales Luna HSMs

Secure your devices, identities and transactions with
Thales Luna HSM – the foundation of digital trust

High Assurance Hardware Security Modules

Thales Luna HSMs – The Foundation of Digital Trust

Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Luna Network Hardware Security Modules (HSMs) – high-assurance, tamper-resistant, network-attached appliances offering market-leading performance.

Easily integrate these network-attached HSMs into a wide range of applications to accelerate cryptographic operations, secure the crypto key lifecycle, and act as a root of trust for your entire crypto infrastructure.

Approach to key security: keys in hardware

Protect the entire lifecycle of your keys within the FIPS validated confines of the Thales Luna Network HSM. Our unique approach to protecting cryptographic keys in hardware positions our appliances as the most trusted general purpose HSMs on the market. Unlike other methods of key storage which move keys outside of the HSM into a “trusted layer,” the keys-in-hardware approach ensures that your keys always benefit from both physical and logical protections of the Thales Luna Network HSM.

Market-Leading Performance – Built for Speed

Faster than other HSMs on the market, Thales Luna Network HSM 7 is ideally suited for use cases that require high performance such as the protection of SSL/TLS keys and high volume code signing.

Scalable Security for Virtual and Cloud Environments

Separate Thales Luna Network HSMs into up to 100 cryptographically isolated partitions, with each partition acting as if it were an independent HSM. A single HSM can act as the root of trust that protects the cryptographic key lifecycle of hundreds of independent applications, providing you with a tremendous amount of scalability and flexibility.

Keys and partitions are cryptographically separated from each other, enabling Enterprises and Service Providers to leverage the same hardware for multiple tenants and appliances.

Ease of Use – Centralised Crypto Resources

Simplify the administration of multiple HSMs using Thales Crypto Command Centre to provide on-demand provisioning and monitoring of crypto resources.

The De Facto Standard for the Cloud

As the de facto standard in the cloud, Thales Luna Network HSMs are deployed in more public cloud environments than any other HSM. Scale to meet your cryptographic performance requirements regardless of the environment, be it on-premises, private, public, hybrid or multi-cloud.

Largest Ecosystem of Partners Available

Quickly secure a large number of standard applications with our broad partner ecosystem – documented, out-of-the-box integrations with Thales Luna Network HSMs.

Internet of Things

Guard against evolving threats and capitalise on emerging technologies including the Internet of Things (IoT), Blockchain, and more, with Thales' unparalleled combination of products and features.

Compliance

Meet compliance and audit needs for GDPR, eIDAS, FIPS 140, Common Criteria, HIPAA, PCI-DSS, and others, in highly-regulated industries including Financial, Healthcare and Government.

Environmental by Design

Thales Luna HSMs are dedicated to demonstrating a measurable and significant decrease in our carbon footprint, reducing power consumption and operating cost over each generation of HSM through eco-design, in alignment with Thales’ ESG (environmental, social, and governance) commitment to a greener, safer world.

Luna Network HSM 7 Features & Benefits

Sample Applications:

  • PKI key generation & storage (online and offline CA keys)
  • SSL/TLS
  • Code Signing
  • Certificate Signing & Validation
  • Document signing
  • HSMaaS – Private & Public Cloud Environment
  • Transaction processing
  • Database encryption
  • Smart card issuance
  • Hardware root of trust for the Internet of Things (IoT)
  • Blockchain
  • Compliance including GDPR, PCI-DSS, HIPAA, eIDAS, and more

Superior Performance:

  • Luna Network HSM 7 is the fastest HSM on the market with over 20,000 ECC and 10,000 RSA Operations per second for high performance use cases
  • Lower latency for improved efficiency

Security at a glance:

  • Keys always remain in FIPS validated, tamper-evident hardware
  • High-assurance delivery with secure transport mode
  • De facto standard for the cloud
  • Multiple roles for strong separation of duties
  • Multi-person MofN with multi-factor authentication for increased security
  • Meet compliance needs for GDPR, HIPAA, PCI-DSS, eIDAS and more
  • Secure audit logging
  • Remote management
  • Multi-part splits for all access control keys
  • Strongest cryptographic algorithms including Suite B algorithm support
  • Secure decommission

Features:

  • Dual Hot Swap Power Supplies
  • Field Serviceable Components
  • Software upgradable
  • Multiple Roles for Administration
  • Strong Separation of Duties
  • Partitioning and strong cryptographic separation
  • Load Balancing and Scalability

Luna Network HSM 7 Specifications:

Specifications listed below are for Thales Luna Network HSM 7

Feature

Details

OS support
  • Windows, Linux, Solaris, AIX
  • Virtual: VMware, Hyper-V, Xen, KVM
Cryptography
  • Full Suite B support
  • Asymmetric: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES) with named, user-defined and Brainpool curves, KCDSA and more
  • Symmetric: AES, AES-GCM, DES, Triple DES, ARIA, SEED, RC2, RC4, RC5, CAST, and more
  • Hash/Message Digest/HMAC: SHA-1, SHA-2, SM3 and more
  • Key Derivation: SP800-108 Counter Mode
  • Key Wrapping: SP800-38F
  • Random Number Generation: designed to comply with AIS 20/31 to DRG.4 using HW based true noise source alongside NIST 800-90A compliant CTR-DRBG
Cryptographic APIs
  • PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
  • REST API for Administration
Rack Mountable
  • Standard 1U 19" rack mount appliance
Dimensions
  • 19” × 21” × 1.725” (482.6 mm × 533.4 mm × 43.815 mm)
Weight
  • 28 lb (12.7 kg)
Input Voltage
  • 100-240 V, 50-60 Hz
Power Consumption
  • 110 W maximum, 84 W typical
Temperature
  • Operating 0° to 35°C, storage -20° to 60°C
Relative Humidity
  • 5% to 95% (38°C) non-condensing
Reliability
  • Dual hot-swap power supplies
  • Field-serviceable components
  • Mean Time Between Failure (MTBF) 171,308 hrs
Security certifications
  • FIPS 140-2 level 3 validated – password and multi-factor (PED)
  • FIPS 140-3 validated – password and multi-factor (PED)
  • Common Criteria EAL4+ (AVA_VAN.5 and ALC_FLR.2) certified against the protection profile EN 419 221-5
  • Listed as Qualified Signature or Seal Creation Device (QSCD) for either remote or local signing as part of an eIDAS-compliant deployment
  • NIST SP 800-90 A/B/C certified
  • AIS 20/31 compliant to DRG.4
  • Singapore NITES certified
  • Brazil INMETRO approved (formerly ITI)
  • NATO approved for use up to Restricted
  • Other regional certifications (ask your local Thales representative)
Safety & environmental compliance
  • UL, CSA, CE
  • FCC, CE, VCCI, C-TICK, KC Mark
  • RoHS2, WEEE
  • TAA
  • India BIS [IS 13252 (Part 1)/IEC 60950-1]
Host-Interface
  • 4 Gigabit Ethernet ports with port bonding; IPv4 and IPv6
Management
  • MofN support for division of command
Logging
  • Syslog
Monitoring
  • SNMP

Luna Network HSM 7 is available in the following performance models to suit your needs:


Luna Network “A” HSM Series:

Luna Network HSM A700, A750, and A790 are FIPS 140-2 Level 3 and FIPS 140-3 Level 3 validated, and feature password authentication for easy management.

Luna Network “S” HSM Series:

Luna Network HSMs S700, S750, and S790 feature Multi-factor (PED) Authentication, for high-assurance use cases.

All Luna Network HSMs offer the highest levels of performance across a breadth of algorithms including ECC, RSA, and symmetric transactions. Additional product highlights include enhanced tamper and environmental failure protection, key ownership regardless of the cloud environment, enhanced multi-tenancy, and dual hot-swappable power supplies that ensure consistent performance and no down-time.

| Algorithm | Luna Network HSM 700 Models | Luna Network HSM 750 Models | Luna Network HSM 790 Models |
|---|---|---|---|
| RSA-2048 signing ops | 1,000 | 5,000 | 10,000 |
| ECC P256 signing ops | 2,000 | 10,000 | 20,000 |
| AES-GCM small packet encryption ops | 2,000 | 10,000 | 20,000 |
