PRODUCT BRIEF

SafeNet Luna
Network HSM
v5.x and 6.x

SafeNet Luna Network HSM from Gemalto is the product of choice for enterprises requiring strong security for
PKI, digital signatures, Blockchain, the Internet of Things (IoT), eIDAS, cryptographic key storage, transactional
acceleration, certificate signing, code signing, bulk key generation, data encryption, DNSSEC, and more.

Approach to Key Security: Keys in Hardware

Benefits & Features
SafeNet Luna Network HSM is the most trusted general
purpose HSM on the market in part because of its unique Most Secure
approach to protecting cryptographic keys. Unlike other >> Keys in hardware
methods of key storage which move keys outside of the >> Remote Management
HSM into a “trusted layer,” the keys-in-hardware approach >> Secure transport mode for high-assurance delivery
protects the keys throughout their lifecycle within the FIPS >> Multi-level access control
140-2 validated confines of the SafeNet Luna HSM. This >> Multi-part splits for all access control keys
method ensures that your keys always benefit from both >> Intrusion-resistant, tamper-evident hardware
physical and logical protections of the network HSM and >> Suite B algorithm support
reduces your audit burden. >> Secure decommission
>> Secure Audit Logging
The Leading Hardware Security Module for >> Strongest cryptographic algorithms
the Cloud
Sample Applications
A single SafeNet Luna Network HSM can be separated into >> PKI key generation and key storage (online and offline CA keys)
100 cryptographically isolated partitions, with each partition >> HSM-as-a-Service for private and public cloud
functioning as if it was an independent HSM. This provides a environments
tremendous amount of scalability and flexibility, as a single >> Certificate validation and signing
HSM can protect the cryptographic keys of hundreds of >> Code signing
independent applications concurrently. >> Document signing including remote signing use cases
>> Transaction processing
What’s more, the ability to assign a unique Partition Security
>> Database encryption
Officer to each partition means the configurations of
>> Smart card issuance
partitions and control over cryptographic keys can be strictly
>> Hardware root of trust for the IoT
enforced, even in public cloud environments. For service
providers, this means partitions can be offered as rentable
services and your customers can maintain the trust and
confidence that only they have access to their partition and
Secure Audit Logging
sensitive cryptographic keys.
SafeNet Luna Network HSM can be configured to selectively
Flexible Backup and Disaster Recovery Options log HSM events for security auditing purposes. This allows
for separation of duties between an Audit Officer/Team
SafeNet Luna Network HSM provides secure, auditable and
and the people they are auditing – preventing both the
flexible options to simplify backup, duplication, and disaster
administrative and user personnel from tampering with the
recovery. Key backups can be performed locally or remotely
log files and the auditors from doing anything administrative
to a SafeNet Luna Backup HSM, or other SafeNet HSMs.
or accessing keys.

SafeNet Luna Network HSMs v5.x and 6.x - Product Brief 1

 Operational Enhancements Technical Specifications
The enhanced SNMP trap functionality of SafeNet Luna
Operating System
Network HSM provides operations teams with real- >> Windows, Linux, Solaris, AIX, HP-UX
time visibility into important events related to their HSM >> Virtual: VMware, Hyper-V, Xen
infrastructure. Support for the leading Security Information >> Cloud: AWS, SoftLayer, Azure, vCloudAir
and Event Management (SIEM) platforms enables deeper
analysis and streamlined reporting of HSM events. SIEM Integrations
>> Splunk, Qradar, Arcsight
Common Architecture API Support
All SafeNet general purpose HSMs benefit from a common >> PKCS#11, Java (JCA /JCE), Microsoft CAPI and CNG,
architecture where the supported client, APIs, algorithms, OpenSSL, REST

and authentication methods are consistent across the entire Cryptography

general purpose product line. This eliminates the need to >> Full Suite B support
design applications around a specific HSM, and provides the >> Asymmetric: RSA (1024-8192), DSA (1024-3072), Diffie-
flexibility to move keys from form factor to form factor. Hellman, KCDSA, Elliptic Curve Cryptography (ECDSA,
ECDH, ECIES) with named, user-defined and Brainpool
Available in Two Performance Models curves

©Gemalto 2018. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. PB (EN)-Sep.04.2018 - Design: FR
>> Symmetric: AES, RC2, RC4, RC5, CAST, DES, Triple DES,
SafeNet Luna Network HSM is available in two performance
ARIA, SEED
models: SafeNet Luna Network HSM 7000 is a high
>> Hash/Message Digest/HMAC: SHA-1, SHA-2 (224-512),
performance HSM capable of best-in-class performance SSL3-MD5-MAC, SSL3-SHA-1-MAC, SM3
across a breadth of algorithms including ECC, RSA, and >> Random Number Generation: FIPS 140-2 approved DRBG
symmetric transactions. SafeNet Luna Network HSM 7000 (SP 800-90 CTR mode)
also features dual, hot-swappable power supplies that
Physical Characteristics
ensure consistent performance and no down-time. The
>> Standard 1U 19in. rack mount chassis
standard performance variant, SafeNet Luna Network HSM
>> Dimensions: 19” x 21” x 1.725”
1700, includes a single power supply, and is capable of 1700 (482.6mm x 533.4mm x 43.815mm)
RSA 1024-bit transactions per second (tps). >> Weight: 28lb (12.7kg)
>> Input Voltage: 100-240V, 50-60Hz
>> Power Consumption: 180W maximum, 155W typical
Model >> Temperature: operating 0°C – 35°C, storage -20°C – 60°C
Algorithm SafeNet Luna SafeNet Luna >> Relative Humidity: 5% to 95% (38°C) non-condensing
Network HSM 1700 Network HSM 7000
Security Certifications
RSA-1024 1,700 tps 7,000 tps >> FIPS 140-2 Level 2 and Level 3
RSA-2048 350 tps 1,200 tps >> FIPS 186-4
ECC P256 570 tps 2,000 tps >> NIST SP800-131A
>> UK AMI Spec Compliance
ECIES 200 tps 300 tps
>> Common Criteria EAL4+ (AVA _VAN.5)
AES-GCM 3,700 tps 3,700 tps >> OCSI certified QsigCD and QSealCD
>> BAC & EAC ePassport Support
>> NITES

Safety and Environmental Compliance

>> UL, CSA, CE
>> FCC, KC Mark, VCCI, CE
>> RoHS, WEEE

Host Interface
>> Dual Gigabit Ethernet ports
>> IPv4 and IPv6

Reliability
>> Mean Time Between Failure (MTBF) 500,000 hrs

Centralized, High-Assurance Crypto Resources

>> Simplify the administration of multiple HSMs using
SafeNet Crypto Command Center to provide on-demand
provisioning and monitoring of crypto resources

Contact Us: For all office locations and contact information, please visit www.safenet.gemalto.com/contact-us/
Follow Us: blog.gemalto.com/security/

GEMALTO.COM

SafeNet Luna Network HSMs v5.x and 6.x - Product Brief 2