You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/payment-hsm/faq.yml
+60-2Lines changed: 60 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ metadata:
8
8
ms.service: payment-hsm
9
9
ms.workload: security
10
10
ms.topic: faq
11
-
ms.date: 01/25/2022
11
+
ms.date: 03/10/2023
12
12
ms.author: mbaldwin
13
13
title: Frequently asked questions (FAQ)
14
14
summary: Find answers to common questions about Microsoft Azure Payment HSM.
@@ -19,7 +19,7 @@ sections:
19
19
- question: |
20
20
Where is Azure Payment HSM available?
21
21
answer: |
22
-
Azure Payment HSM is available in the East US and North Europe regions.
22
+
Azure Payment HSM is available in East US, West US, South Central US, Central US, North Europe, and West Europe.
23
23
24
24
- question: |
25
25
How does Azure Payment HSM work?
@@ -50,3 +50,61 @@ sections:
50
50
How do I change the performance level or SKU of my payment HSM?
51
51
answer: |
52
52
See [How to change the performance level of a payment HSM](change-performance-level.md).
53
+
54
+
- question: |
55
+
What default license comes with Azure Payment HSM?
56
+
answer: |
57
+
The service comes with Thales payShield 10K Premium Package license with 1 or 2 LMK at 60CPS, 250CPS or 2500CPS. For pricing, please see [Azure Payment HSM pricing details](https://azure.microsoft.com/pricing/details/payment-hsm); for firmware information, see [Azure Payment HSM service support guide: Firmware and license support](support-guide.md#firmware-and-license-support).
58
+
59
+
- question: |
60
+
In what scenarios you need to contact Thales for licenses?
61
+
answer: |
62
+
Device licenses are required when applying custom firmware or returning to base firmware version. For license, contact Thales support with device serial number.
63
+
64
+
- question: |
65
+
What kind of smart cards/readers are needed? how to use the smart cards?How many smart cards are needed?
66
+
answer: |
67
+
Compatible USB Smartcard reader supplied by Thales. With at least 5 payShield Manager cards available.
68
+
69
+
- question: |
70
+
How do I know whether the smartcards I have are for payShield manager?
71
+
answer: |
72
+
Compatible smart cards have a blue band and are labeled with "payShield Manager Card" These are the only cards compatible with the ciphers used to enable use over network.
73
+
74
+
- question: |
75
+
How are physical keys are handled?
76
+
answer: |
77
+
Physical keylocks are decoupled from payShield Manager use and are no longer tied to system state.
78
+
79
+
- question: |
80
+
Can I still use a console to manage HSM?
81
+
answer: |
82
+
HSMs are managed remotely with payShield Manager. This access does provide a virtual console which can be used for configuration. No access to Local Console is available and availability of local console cannot be controlled.
83
+
84
+
- question: |
85
+
How do I monitor payShield 10K?
86
+
answer: |
87
+
Payshield 10k can be monitored using standard SNMP V3 tools. payShield Monitor is an additional product available to provide continuous monitoring of HSMs. Contact Thales Sales rep for licensing information.
88
+
89
+
- question: |
90
+
How do I setup payShield monitor with Azure Payment HSM?
91
+
answer: |
92
+
Paysheild Monitor is distributed as a Virtual Machine and can be deployed on-premises or hosted in an Azure VM instance.
93
+
94
+
- question: |
95
+
When do I need TMD?
96
+
answer: |
97
+
TMD enables key management for these typical use cases:
98
+
- Forming keys from components
99
+
- Splitting existing keys into components
100
+
- Sharing symmetric KEKs internally within an organization or externally with trusted third party
101
+
102
+
- question: |
103
+
What kind of performance can I expect?
104
+
answer: |
105
+
Performance of a hosted payShield is no different from an on-premises deployment. The actual end-to-end performance of the payment API depends on the location of the workloads and network latencies. When the payment service workloads are run on virtual machines hosted in the same service provider's network, performance should match an on-premises deployment. Network latencies between the computer virtual machine(s) running payment service workloads and the hosted payShield are typically very low, but this would depend on the provider's network setup
106
+
107
+
- question: |
108
+
How do I decommission an HSM?
109
+
answer: |
110
+
Releasing a device process removes ALL customer data, logs, keys, and so forth. For steps, see [Tutorial: Remove a commissioned payment HSM](remove-payment-hsm.md).
This article describes some known issues with Azure Payment HSM.
18
+
19
+
## The PayShield fan is running too fast
20
+
21
+
Sporadic problems have been observed with the PS10K HSM, where the error log indicates that one of the fans is running too fast. Once this error has been observed, it's replicated once every 24 hours to the unit's error log. The error is benign and doesn't affect the HSMs operational functionalities. Clearing the specific error entry from the HSM involves a hard-reboot to the unit. The fan error problem will be fixed with Thales payShield firmware release version v1.8a and 1.6a. See details in [Thales support portal KB0026952](https://supportportal.thalesgroup.com/csm?sys_kb_id=6fe423cec319259063ec26359901310c&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=18143570dba96d544f917828f496190c&sysparm_article=KB0026952).
22
+
23
+
If Azure Payment HSM customers observe the fan too fast error and want to do a hard-reboot to the unit, contact Microsoft support.
24
+
25
+
## Next steps
26
+
27
+
- Learn more about [Azure Payment HSM](overview.md)
28
+
- See some common [deployment scenarios](deployment-scenarios.md)
29
+
- Learn about [Certification and compliance](certification-compliance.md)
0 commit comments