Prime Factors Blog

3 More Questions about HSM Surveyor

Posted by Mary Still on Apr 23, 2015 4:00:00 AM

Find me on:


In last week's post, I responded to one of the critical questions about Prime Factors' new hardware security module performance/capacity visualization application, HSM Surveyor™.  That question, and the three I will address in this post, came from the recent webinar introducing Surveyor, its capabilities, and how it helps enterprises improve quality of service while controlling cost.  More questions are coming in, which I will address in future posts. 

This post responds to 3 questions about the technical implementation aspects of HSM Surveyor, and its hardware security module monitoring capabilities.

 

  1. How is the data presented byHSM Surveyor collected and stored?
    • Data is collected from Thales e-Security®'s payShield® 9000 hardware security modules through their host ports, not their management ports. Surveyor requires a relational database server to store data collected from each HSM as well as the data collection log. Currently HSM Surveyor supports MariaDB and MySQL. Before using one of these databases for data collection, you must create the database schema. An editable database setup script is provided to simplify configuration.

  2. What kind of statistical data doesHSM Surveyor provide?
    • Data is collected from all monitored HSMs at configurable intervals and archived for historical reporting and analysis. Data collected for statistical analysis includes total HSM load and host command volume over time. Drill down of total HSM load shows the load carried by each HSM in a defined pool during the selected time interval, while drill down of host command volume shows the distribution of execution of any selected host command over time by each HSM in a defined pool.

      We are currently collecting market input regarding how those visualizations are best complemented by statistical data output.  What file formats or commonly available applications would you most like to see supported for HSM monitoring?  Why those and not others?  Please let us know in the Comments section below.

  3. What impact doesHSM Surveyor hardware security module monitoring have onpayShieldHSM performance?
    • Impact on performance is minimal for a couple of reasons. First, very few host commands are regularly sent to HSMs. These are the host commands that are necessary for health checks, network responsiveness, and volume and capacity queries. Second, product administrators determine the interval between collection events and the maximum frequency at which users are allowed to generate live reports.

      Typically, only two commands are used in any data collection interval.  So, for example, if data is collected every 15 minutes, there are only 8 monitoring commands executed in an hour compared to the thousands of commands executed by the HSM hourly for payment-related processes.  Consequently, we believe the application's performance impact would not be noticeable for most operational environments.  More detail is available on this topic - contact me directly, or in the Comments below, for additional performance metrics and analysis.

If you find this discussion useful, you'll find a related discussion in an earlier post to this blog "Who Really Needs HSM Monitoring?"

Customers are expressing great enthusiasm for the positive impact HSM Surveyor can have on their daily operations and long term capacity planning.  To find out how it can help you and your team, click on the button below to register for a free, fully-supported evaluation.

Register for an evaluation of Prime Factors' HSM Surveyor

 

Topics: HSM Management