Get Started with CipherTrust Data Security Platform Services
CipherTrust Data Security Platform Services (CDSPaaS) is offered through the Data Protection on Demand (DPoD) marketplace.
Required Purchased Services
There are two services to purchase associated with CDSPaaS. Contact a Thales service representative to purchase them.
Key Management Service - allows you to create and manage keys, as well as carry out administration tasks such as user management. The Key Management Service is mandatory to use any of the connector offerings in the CipherTrust service.
Connector or API Service - allows you to manage and monitor various key management and encryption use cases within the product portfolio. CDSPaaS currently supports a CipherTrust Cloud Key Management (CCKM) service.
These services can be purchased for the following terms:
3 years - For this term, you can pay either on an annualized basis, or for the entire term up front.
The number of connector or API services to purchase is based on your projected consumption of use case specific objects.
The following table indicates the clouds and objects associated with the CCKM service. One of each of these CDSPaaS KMS container objects corresponds to one CCKM service.
|Cloud Key Management System (KMS)
|Cloud-related KMS Container Object on CDSPaaS
|Amazon Web Services (AWS)
|Google Cloud KMS - Customer-managed Encryption Keys (CMEK) and External Key Manager (EKM) key types only
|Client Side Encryption (CSE)
|Azure Key Vault
|Salesforce Shield KMS
|SAP Data Custodian
A single Google Project can have both CMEK and EKM keys. This requires one CCKM service.
A single AWS Account can have a combination of Bring Your Own Key (BYOK), CloudHSM, and External Key Store (XKS) use cases. This requires one CCKM service.
If you find that you need more connector services later, you can configure more connector/API endpoints. Your Thales account team then contacts you to review your connector service usage. The account team can add connector services mid-term and match the new connector services' end date with the existing connector services.
Provision a CipherTrust Service
Register a DPoD subscriber tenant through either of the following URLs, depending on your region. A DPoD subscriber tenant is a DPoD instance, with its own unique URL subdomain, where users consume services, including CDSPaaS.
|URL |Region
|https://thales.na.market.dpondemand.io/signup |North America
|https://thales.eu.market.dpondemand.io/signup |Europe
An associated DPoD subscriber tenant hostname and Tenant Administrator account is created on DPoD. You are taken to your DPoD subscriber tenant login page.
When you create the CipherTrust service on DPoD, you can select a different cloud region to deploy the service in. The cloud region of the service has more of an effect on network latency for CDSPaaS than the DPoD subscriber tenant region.
Log in to your DPoD subscriber tenant as the Tenant Administrator.
Provision the CipherTrust service on DPoD to make a CDSPaaS tenant with an automatically generated tenant name. A CDSPaaS tenant is a logical boundary for each customer, cryptographically isolated from other customers by a unique Luna Cloud HSM partition and master encryption key.
Navigate to Services, select Add Service and select the CipherTrust Data Security Platform service.
Enter your configuration details in the Add Service wizard and click Finish to confirm.
The service name you provide here is a convenience for display in DPoD. The CDSPaaS tenant name used in the CDSPaaS interfaces is different.
The DPoD user who provisions the service becomes the initial Application Administrator for the CDSPaaS service. Application administrators are ultimately responsible for creating and assigning CDSPaaS resources.
Click the service name in DPoD to launch the CDSPaaS web console UI in a separate browser tab.
The URL is of the form
The tenant cannot be renamed.
Bookmark this URL for quick access to the CipherTrust service later.
On the login page, click Log In with DPoD.
If you are directed to a second login page with the DPoD tenant name, enter the Email and Password of the DPoD user who provisioned the CDSPaaS tenant.
CDSPaaS User Interfaces
On first login to the UI, you are presented with the CipherTrust Data Security Platform Service Management Console, with the administrative navigation menu on the left, and application products in the center.
Only the CipherTrust Cloud Key Manager (CCKM) application is available at this time.
Consult the CipherTrust Manager Administration Guide for information on the administrative features.
Consult the CCKM Administration Guide for information on CCKM workflows and use cases.