Thales
Project Overview
Unsung has maintained a strategic partnership with Thales for over five years, developing extensive expertise in their hardware security modules and data protection solutions. This partnership is fundamental to our ability to deliver highly assured PKI implementations for UK government, defence, and enterprise customers.
As a Value-Added Solutions Provider, we design, implement, integrate, and support Thales HSM deployments, routinely implementing Luna HSMs to protect Root CA and Issuing CA private keys. Our consultants understand the specific requirements of FIPS 140-2 Level 3 cryptographic key protection and the operational considerations that ensure HSM deployments meet security and availability requirements.
Products
Thales provides the Luna line of hardware security modules as network appliances, PCIe cards, USB and backup units, and as a cloud HSM service, acting as a hardware root of trust for cryptographic keys and operations.
Luna Network HSM 7 is a high-assurance, network-attached HSM appliance for general-purpose cryptography including RSA, ECC, and symmetric operations. Common use cases include PKI, TLS/SSL offload, code signing, database encryption, and key management. The platform supports up to approximately 100 isolated partitions with FIPS 140-2/140-3 Level 3 validation, strong multi-tenant separation, and MFA/PED authentication on S-series models.
Luna PCIe HSM 7 is an internal HSM in PCIe card form factor for applications requiring very low-latency, on-box cryptographic processing. Typical use cases include high-throughput transaction systems, CA signing, payment applications, and specialised appliances.
Luna USB and Luna Backup HSMs are portable USB form-factor HSMs and dedicated backup HSMs used to securely store and transport master keys, perform secure key backup and restore, and support smaller-scale or offline key operations. They are often deployed alongside Network or PCIe Luna HSMs to protect root keys, seed new clusters, or provide disaster recovery key storage.
Luna Cloud HSM is delivered via the Thales Data Protection on Demand cloud marketplace, providing Luna HSM instances without on-premises hardware deployment whilst keeping keys in hardware. The service integrates with the standard Luna Client and supports HA groups with on-premises HSMs.
Recent Luna 7 firmware adds support for post-quantum mechanisms including LMS/HSS and ML-DSA/ML-KEM via functionality modules, enabling quantum-resistant signing and key encapsulation within the HSM for organisations planning post-quantum cryptography transitions.
Related Services
Unsung delivers professional services around Thales technologies including hardware security module deployment, PKI design and build, and defence sector PKI implementations. Our consultants work with clients to assess cryptographic protection requirements, design appropriate HSM architectures, and implement Thales platforms with configuration aligned to security policy and operational requirements.
