Certified Security - Specialty


HSM Cluster

The illustrations for the different HSM modules were very helpful. One item I think is worth adding is how to ensure you have high availability. One of the first steps is to create the "HSM Cluster." However, if you only deploy one HSM instance then you have a SPOF. The documentation recommends deploying two HSM instances in different AZs.

In one of the first steps, where the UI indicated there were no HSMs available in the AZ chosen, it would be important to then add another subnet in an AZ where there is another HSM available. Otherwise, I believe you would be at risk of not being able to automatically recover from an AZ failure making your single HSM instance unavailable.

Some users might infer that by creating an "HSM Cluster" you’re automatically getting an HA solution.

https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html#cluster-high-availability-load-balancing

Ryan O’Donnell

Is there a question?

0 Answers
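
A check for the gap described in the post above, as an added example that is not part of the original post or AWS's own code: it reads a CloudHSM `DescribeClusters`-style response and flags clusters whose ACTIVE HSMs or subnets do not span two AZs. The cluster, HSM and subnet IDs are constructed sample values, and `ha_findings` is a hypothetical helper name.

```python
# Constructed sample shaped like a CloudHSM DescribeClusters response.
# Live data would come from boto3.client("cloudhsmv2").describe_clusters().
SAMPLE_RESPONSE = {"Clusters": [
    {"ClusterId": "cluster-single",  # one HSM, one subnet
     "SubnetMapping": {"us-east-1a": "subnet-a"},
     "Hsms": [{"HsmId": "hsm-1", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"}]},
    {"ClusterId": "cluster-same-az",  # two HSMs, but both in one AZ
     "SubnetMapping": {"us-east-1a": "subnet-a", "us-east-1b": "subnet-b"},
     "Hsms": [{"HsmId": "hsm-2", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
              {"HsmId": "hsm-3", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"}]},
    {"ClusterId": "cluster-degraded",  # second HSM exists but is not ACTIVE
     "SubnetMapping": {"us-east-1a": "subnet-a", "us-east-1b": "subnet-b"},
     "Hsms": [{"HsmId": "hsm-4", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
              {"HsmId": "hsm-5", "AvailabilityZone": "us-east-1b", "State": "DEGRADED"}]},
    {"ClusterId": "cluster-ha",  # two ACTIVE HSMs in two AZs
     "SubnetMapping": {"us-east-1a": "subnet-a", "us-east-1b": "subnet-b"},
     "Hsms": [{"HsmId": "hsm-6", "AvailabilityZone": "us-east-1a", "State": "ACTIVE"},
              {"HsmId": "hsm-7", "AvailabilityZone": "us-east-1b", "State": "ACTIVE"}]},
]}


def ha_findings(response):
    """Return {ClusterId: [issues]} for clusters that are not highly available."""
    findings = {}
    for cluster in response.get("Clusters", []):
        # Only ACTIVE HSMs can serve requests, so only they count toward HA.
        active = [h for h in cluster.get("Hsms", []) if h.get("State") == "ACTIVE"]
        active_azs = {h["AvailabilityZone"] for h in active}
        issues = []
        if len(active) < 2:
            issues.append("fewer than two ACTIVE HSMs")
        if len(active_azs) < 2:
            issues.append("ACTIVE HSMs do not span two AZs")
        # A cluster with a subnet in one AZ cannot place an HSM anywhere else.
        if len(cluster.get("SubnetMapping", {})) < 2:
            issues.append("cluster has a subnet in only one AZ")
        if issues:
            findings[cluster["ClusterId"]] = issues
    return findings


if __name__ == "__main__":
    for cluster_id, issues in ha_findings(SAMPLE_RESPONSE).items():
        print(f"{cluster_id}: {'; '.join(issues)}")
```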
