You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/dedicated-hsm/monitoring.md
+9-5Lines changed: 9 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,20 +7,24 @@ manager: rkarlin
7
7
ms.custom: mvc
8
8
ms.service: key-vault
9
9
ms.topic: conceptual
10
-
ms.date: 11/14/2022
10
+
ms.date: 01/30/2024
11
11
ms.author: mbaldwin
12
12
---
13
13
14
14
# Azure Dedicated HSM monitoring
15
15
16
-
The Azure Dedicated HSM Service provides a physical device for sole customer use with complete administrative control and management responsibility. The device made available is a [Thales Luna 7 HSM model A790](https://cpl.thalesgroup.com/encryption/hardware-security-modules/network-hsms). Microsoft will have no administrative access once provisioned by a customer, beyond physical serial port attachment as a monitoring role. As a result, customers are responsible for typical operational activities including comprehensive monitoring and log analysis.
17
-
Customers are fully responsible for applications that use the HSMs and should work with Thales for support or consulting assistance. Due to the extent of customer ownership of operational hygiene, it is not possible for Microsoft to offer any kind of high availability guarantee for this service. It is the customer’s responsibility to ensure their applications are correctly configured to achieve high availability. Microsoft will monitor and maintain device health and network connectivity.
16
+
The Azure Dedicated HSM Service provides a physical device for sole customer use with complete administrative control and management responsibility. The device made available is a [Thales Luna 7 HSM model A790](https://cpl.thalesgroup.com/encryption/hardware-security-modules/network-hsms). Microsoft has no administrative access once provisioned by a customer, beyond physical serial port attachment as a monitoring role. As a result, customers are responsible for typical operational activities including comprehensive monitoring and log analysis.
17
+
18
+
Customers are fully responsible for applications that use the HSMs and should work with Thales for support or consulting assistance. Due to the extent of customer ownership of operational hygiene, it is not possible for Microsoft to offer any kind of high availability guarantee for this service. It is the customer's responsibility to ensure their applications are correctly configured to achieve high availability. Microsoft monitors and maintains device health and network connectivity.
18
19
19
20
## Microsoft monitoring
20
21
21
-
The Thales Luna 7 HSM device in use has by default SNMP and serial port as options for monitoring the device. Microsoft has used the serial port connection as a physical means to connect to the device to retrieve basic telemetry on device health. This includes items such as temperature and component status such as power supplies and fans.
22
-
To achieve this, Microsoft uses a non-administrative “monitor” role set up on the Thales device. This role gives the ability to retrieve the telemetry but does not give any access to the device in terms of administrative task or in any way viewing cryptographic information. Our customers can be assured their device is truly their own to manage, administer, and use for sensitive cryptographic key storage. In case any customer is not satisfied with this minimal access for basic health monitoring, they do have the option to disable the monitoring account. The obvious consequence of this is that Microsoft will have no information and hence no ability to provide any proactive notification of device health issues. In this situation, the customer is responsible for the health of the device.
22
+
The Thales Luna 7 HSM device in use has by default SNMP and serial port as options for monitoring the device. Microsoft has used the serial port connection as a physical means to connect to the device to retrieve basic telemetry on device health, including temperature and component status (such as power supplies and fans).
23
+
24
+
To do so, Microsoft uses a nonadministrative "monitor" role set up on the Thales device. This role gives the ability to retrieve the telemetry but does not give any access to the device in terms of administrative task or in any way viewing cryptographic information. Our customers can be assured their device is truly their own to manage, administer, and use for sensitive cryptographic key storage. In case any customer is not satisfied with this minimal access for basic health monitoring, they do have the option to disable the monitoring account. The obvious consequence of this is that Microsoft will have no information and hence no ability to provide any proactive notification of device health issues. In this situation, the customer is responsible for the health of the device.
25
+
23
26
The monitor function itself is set up to poll the device every 10 minutes to get health data. Due to the error prone nature of serial communications, only after multiple negative health indicators over a one hour period would an alert be raised. This alert would ultimately lead to a proactive customer communication notifying the issue.
27
+
24
28
Depending on the nature of the issue, the appropriate course of action would be taken to reduce impact and ensure low risk remediation. For example, a power supply failure is a hot-swap procedure with no resultant tamper event so can be performed with low impact and minimal risk to operation. Other procedures may require a device to be zeroized and deprovisioned to minimize any security risk to the customer. In this situation a customer would provision an alternate device, rejoin a high availability pairing thus triggering device synchronization. Normal operation would resume in minimal time, with minimal disruption and lowest security risk.
0 commit comments