When integrating a VirtuCrypt cloud payment HSM with a public cloud, several components are incorporated to ensure the process moves smoothly. First, we will define the necessary components of the infrastructure, then we will show how the process works. In some scenarios, not all these components are required. When architecting a cloud payment HSM infrastructure, it is important to outline your organization’s goals and discuss how best to achieve them both with Futurex’s Solutions Architects and with your payment application provider.
The following components are used to integrate public clouds with VirtuCrypt cloud payment HSMs:
VirtuCrypt
- VirtuCrypt Intelligence Portal (VIP) Account
- Cryptoverse
- CryptoTunnel
- VirtuCrypt Access Point (VAP)
Public Cloud Provider
- Virtual Private Cloud (VPC)
- Endpoints/PrivateLink
VirtuCrypt Intelligence Portal (VIP) Account
The VirtuCrypt Intelligence Portal is the primary method through which users manage their cloud payment HSM service. An account is needed on the VIP to integrate the public cloud with the cloud payment HSM. The VIP is a secure website for configuring and reviewing everything related to your organization’s VirtuCrypt services. Through its dashboard, the VIP allows for secure management and monitoring of your entire cloud payment HSM environment, audit logs, and tracking account activity from a single location. Existing VirtuCrypt customers will already have accounts on the VIP, but new customers will need to create a new account on the VIP Dashboard.
Cryptoverse
Utilizing a PKI managed by VirtuCrypt, a Cryptoverse isolates which services the public cloud applications have access to. A Cryptoverse is used to ensure mutual authentication and strong encryption with all endpoints, whether those are cloud HSM services, incoming connections to VirtuCrypt, access points like load balancers and edge systems, or client applications. Services are segregated by their Cryptoverse and users must download client keys and certificates for remote applications to authenticate to different services.
CryptoTunnel
A CryptoTunnel defines the connection parameters to VirtuCrypt. It consists of a name, the Cryptoverse used to authenticate incoming clients, the service that the tunnel will be routed to (the cloud HSM), the incoming channel (Internet, public cloud, etc.), the public cloud provider, the region of the public cloud that will be operated in, and any information that must be whitelisted.
VirtuCrypt Access Point (VAP)
A VirtuCrypt Access Point (VAP) is a VirtuCrypt-owned Virtual Private Cloud. Virtual Private Clouds allow for a logically separated section of the public cloud where an organization, in this case VirtuCrypt, defines its own virtual network. The VAP enables access to VirtuCrypt from a public cloud in a secure manner without directly transiting the Internet, and it also offers connectivity for a range of other access methods. These access methods include connections from and between different public cloud provider regions (US/Canada, Europe, Latin America, for example), access from on-premises applications using a VPN, or hybrid environments.
Endpoints/PrivateLink
The endpoint allows your organization to access VirtuCrypt in the public cloud. An endpoint must be designated on the VirtuCrypt Access Point to create the communication channel between the public cloud and the VirtuCrypt cloud payment HSM.
