What is Azure Dedicated HSM?
Azure Dedicated HSM provides physical hardware security modules (HSMs) that are FIPS 140-2 Level 3 certified. The service enables full control over cryptographic keys in a single-tenant environment.
Core Features
- FIPS 140-2 Level 3 certified Thales Luna 7 HSMs
- Single-tenant: no shared hardware
- Full administrative control over the HSM
- Integration into Azure Virtual Networks
- High availability across multiple HSMs
Typical Use Cases
- Financial service providers with regulatory requirements
- PKI and certificate authority hosting
- Database encryption (TDE)
Benefits
- Highest security level for cryptographic keys
- Full control: only you have access
- Compliance for financial regulations, PCI-DSS, eIDAS
- Migration of existing Luna HSM applications
Integration with innFactory
As a Microsoft Solutions Partner, innFactory supports you with Azure Dedicated HSM: architecture, PKI design, migration from on-premises HSMs, and compliance consulting.
Frequently Asked Questions
What is the difference from Azure Key Vault?
Key Vault is multi-tenant and software-based. Dedicated HSM offers single-tenant hardware modules with full control, which is often mandatory for regulated industries.
What HSM hardware is used?
Thales Luna 7 HSMs with FIPS 140-2 Level 3 certification. The hardware is physically located in the Azure datacenter but is accessible only to you.
Can I migrate existing HSM applications?
Yes, the Thales Luna client software is compatible. Migration from on-premises Luna HSMs requires key export/import.
What are the costs?
Approx. 5,000 EUR per HSM per month. For high availability, at least two HSMs are recommended.
