Skip to content

Commit d2095ca

Browse files
msmbaldwinmsmbaldwin
committed
Updates
1 parent d0795ee commit d2095ca

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

articles/payment-hsm/deployment-scenarios.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,11 +20,12 @@ Microsoft deploys payment hardware security modules (HSM) in stamps within a reg
2020
Thales doesn't provide PayShield SDK to customers, which supports HA over a cluster (a collection of HSMs initialized with same LMK). However, the customers usage scenario of the Thales PayShield devices is like a Stateless Server. Thus, no synchronization is required between HSMs during application runtime. Customers handle the HA using their custom client. One implementation would be to load balance between healthy HSMs connected to the application. Customers are responsible for implementing high availability by provisioning multiple devices, load balancing them, and using any kind of available backup mechanism to back up keys.
2121

2222
> [!IMPORTANT]
23-
> - Virtual network peering does not support cross-region communication between payment HSM instances. A payment HSM instance in one region cannot communicate with a payment HSM instance in another region.
23+
> - Ensure your Microsoft Cloud Solution Architect has reviewed your payment HSM deployment architecture design and readiness before production launch.
24+
> - Review the supported topologies and constraints listed in the [Solution design](solution-design.md).
2425
> - Network Security Groups and User Defined Routes are not not supported for payment HSM subnets.
26+
> - Virtual network peering does not support cross-region communication with payment HSM instances. A VM in one region cannot communicate with a payment HSM instance in another region without the use of ExpressRoute or a VPN gateway.
2527
> - Customers can allocate a maximum of two payment HSMs from each stamp in one region under same subscription.
2628
> - If customer does not have a High Availability setup in their production environment, the customer will not be able to receive S2 support from Microsoft side.
27-
> - Please ensure your Microsoft Cloud Solution Architect has reviewed your payment HSM deployment architecture design and readiness before production launch.
2829
2930
## High availability deployment
3031

0 commit comments

Comments
 (0)