Client Network Connectivity

Data Protection on Demand is offered from two isolated regions, Europe and North America. No data is shared between European and North American DPoD instances. Customers are required to configure any connection requirements for their system, such as: opening ports, configuring proxies, and allowing access through firewalls.

This document outlines the required communication paths for each instance by use case. When configuring your connection, you must:

  • Use the fully qualified domain names (FQDNs) provided in the client package. We do not recommend using IP addresses. Any variations to the configuration will forfeit all guarantees provided by the DPoD SLA.
  • Replace the text <tenant> with your tenant hostname. The tenant hostname is set during the tenant creation process, and is found in the URL that is used to access the platform.
  • Ensure that Windows operating systems hosting the client are able to validate the server certificate status (OCSP/CRL) using port 80. If you are unable to open port 80, add the certificate revocation list (CRL) and Online Certificate Status Protocol (OCSP) addresses given in the Certificate Authority CRLs and OCSPs section to your include list.

Luna Cloud HSM Service failover to the redundant datacenter works by changing DNS so that client traffic is directed to a secondary datacenter. The client configuration file includes the FQDN for the Luna Cloud HSM Service datacenter (eu.hsm.dpondemand.io or na.hsm.dpondemand.io) in the REST = PartitionData00 section or the REST = ServerName section after executing setenv. In the event of a failover, the DNS record for that FQDN is updated to point to the secondary datacenter.
Ensure that the client is configured to use the domain name for the datacenter, and do not configure any filtering based on IP addresses. A client that is configured with an IP address instead of the domain name, or whose traffic is filtered by IP address, may be unable to fail over to the secondary datacenter.

Refer to the proxy configuration instructions for more information about configuring your Luna Cloud HSM Service Client to use your network proxy configuration.

Europe Region

| Use Case | FQDN | Port |
|---|---|---|
| DPoD Management Console | Platform: https://<tenant>.eu.market.dpondemand.io | 443 TCP |
| DPoD Management Console | User authentication: https://<tenant>.uaa.system.pegasus.dpsas.io | 443 TCP |
| Luna Cloud HSM | OpenID discovery URL: https://<tenant>.uaa.system.pegasus.dpsas.io/.well-known/openid-configuration | 443 TCP |
| Luna Cloud HSM | Client credentials grant URL: https://<tenant>.uaa.system.pegasus.dpsas.io/oauth/authorize | 443 TCP |
| Luna Cloud HSM | Client XTC connection: https://eu.hsm.dpondemand.io | 443 TCP |
| CipherTrust Key Management | Service access: https://<tenant>.eu.market.dpondemand.io | 443 TCP |
| Platform APIs | API endpoint: https://<tenant>.eu.market.dpondemand.io/v1/<api> | 443 TCP |
| Platform APIs | Authentication: https://<tenant>.uaa.system.pegasus.dpsas.io/oauth/token | 443 TCP |

North America Region

| Use Case | FQDN | Port |
|---|---|---|
| DPoD Management Console | Platform: https://<tenant>.na.market.dpondemand.io | 443 TCP |
| DPoD Management Console | User authentication: https://<tenant>.uaa.system.snakefly.dpsas.io | 443 TCP |
| Luna Cloud HSM | OpenID discovery URL: https://<tenant>.uaa.system.snakefly.dpsas.io/.well-known/openid-configuration | 443 TCP |
| Luna Cloud HSM | Client credentials grant URL: https://<tenant>.uaa.system.snakefly.dpsas.io/oauth/authorize | 443 TCP |
| Luna Cloud HSM | Client XTC connection: https://na.hsm.dpondemand.io | 443 TCP |
| CipherTrust Key Management | Service access: https://<tenant>.na.market.dpondemand.io | 443 TCP |
| Platform APIs | API endpoint: https://<tenant>.na.market.dpondemand.io/v1/<api> | 443 TCP |
| Platform APIs | Authentication: https://<tenant>.uaa.system.snakefly.dpsas.io/oauth/token | 443 TCP |

Certificate Authority CRLs and OCSPs

If you are unable to open port 80, add the following CRLs and OCSPs to your include list.

| Certificate Authority | CRL | OCSP |
|---|---|---|
| DigiCert | http://crl3.digicert.com/ssca-sha2-g7.crl | http://ocsp.digicert.com/ |
| Sectigo | http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl | http://ocsp.sectigo.com/ |
| ComodoCA | http://crl.comodoca.com/ | http://ocsp.comodoca.com/ |
| USERtrust | http://crl.usertrust.com/ | http://ocsp.usertrust.com/ |
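
The requirements above can be checked before deployment. The following is an added example, not part of the Thales documentation or client package: it audits a firewall or proxy allow list against the FQDNs listed on this page, flags IP-literal entries that would break DNS-based failover, and can probe each endpoint directly. The function names, the allow-list format (one hostname or URL per entry, exact names only), and the tenant name `example-tenant` are assumptions; the probe assumes direct egress without a proxy.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit

UAA_ZONE = {"eu": "pegasus", "na": "snakefly"}  # per-region label in the UAA hostname
REVOCATION_HOSTS = [  # CRL/OCSP hosts from the CA table, plain HTTP on port 80
    "crl3.digicert.com", "ocsp.digicert.com", "crl.sectigo.com", "ocsp.sectigo.com",
    "crl.comodoca.com", "ocsp.comodoca.com", "crl.usertrust.com", "ocsp.usertrust.com",
]

def required_endpoints(region, tenant):
    """(host, port) pairs from the region tables for one tenant."""
    zone = UAA_ZONE[region]  # KeyError for anything but "eu" / "na"
    tls_hosts = [f"{tenant}.{region}.market.dpondemand.io",
                 f"{tenant}.uaa.system.{zone}.dpsas.io",
                 f"{region}.hsm.dpondemand.io"]
    return [(h, 443) for h in tls_hosts] + [(h, 80) for h in REVOCATION_HOSTS]

def audit_allowlist(region, tenant, entries):
    """Return (missing, ip_literals) for a list of allowed hosts or URLs.
    Exact-name match only; IP literals are flagged because failover changes DNS."""
    names, ip_literals = set(), []
    for entry in entries:
        entry = entry.strip()
        host = (urlsplit(entry).hostname or "") if "://" in entry else entry.lower()
        try:
            ipaddress.ip_address(host)
            ip_literals.append(host)
        except ValueError:
            names.add(host)
    missing = [ep for ep in required_endpoints(region, tenant) if ep[0] not in names]
    return missing, ip_literals

def probe(host, port, timeout=5.0):
    """Resolve the name now, connect, and on 443 finish a verified TLS handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if port == 443:
                ctx = ssl.create_default_context()
                with ctx.wrap_socket(sock, server_hostname=host):
                    pass
        return True
    except OSError:  # DNS failure, refused/timeout and TLS errors all derive from OSError
        return False

if __name__ == "__main__":
    for host, port in required_endpoints("eu", "example-tenant"):  # placeholder tenant
        print(f"{host}:{port}", "ok" if probe(host, port) else "BLOCKED")
```

A failed probe on port 443 with working DNS and TCP often points to a TLS-inspecting middlebox, since the handshake is verified against the system trust store.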