Schedule demo
Home

AWS CloudHSM Monitoring

AWS CloudHSM - Overview

AWS CloudHSM is a managed hardware security module (HSM) service that allows you to generate and use encryption keys securely while retaining full control. An HSM is a specialized computing device designed to handle cryptographic operations and securely store cryptographic keys. CloudHSM plays a critical role in protecting sensitive data, performing encryption tasks, and securing applications that require high-assurance key management.

Monitoring AWS CloudHSM is vital to ensuring security, performance, and compliance. Applications Manager's AWS CloudHSM monitoring tool tracks key network performance metrics such as data throughput and packet drops, ensuring seamless encryption operations. By proactively identifying issues like degraded HSMs or network failures, the tool helps maintain security compliance, optimize performance, and prevent disruptions in cryptographic services.

Creating a new AWS CloudHSM monitor

To learn how to create a new AWS CloudHSM monitor, refer here.

Monitored Parameters

Go to the Monitors Category View by clicking the Monitors tab. Click on the CloudHSM instance available under Amazon in the Cloud Apps section. Displayed below is the AWS CloudHSM bulk configuration view distributed into three tabs:

  • Availability tab gives the availability history for the past 24 hours or 30 days.
  • Performance tab gives the health status and events for the past 24 hours or 30 days.
  • List view tab enables you to perform bulk admin configurations.

By clicking a monitor from the list, you'll be taken to the AWS CloudHSM dashboard which includes the following tabs:

Performance Overview

ParameterDescription
CLUSTER INFORMATION
Cluster StateThe cluster's state.
Possible Values: CREATE_IN_PROGRESS | UNINITIALIZED | INITIALIZE_IN_PROGRESS | INITIALIZED | ACTIVE | UPDATE_IN_PROGRESS | MODIFY_IN_PROGRESS | ROLLBACK_IN_PROGRESS | DELETE_IN_PROGRESS | DELETED | DEGRADED
HSM Health StatusThe health status of HSMs in the cluster at the time of polling, indicating if any HSM is currently healthy or unhealthy.
HSM TemperatureThe average temperature of all HSMs in the cluster at the time of polling (in °C).
Number of HSMsThe total number of HSMs created in the cluster.
KEY USAGE: SESSION VS. TOKEN
Session Keys In UseThe average number of session keys currently occupied across all HSMs in the cluster between the poll interval.
Token Keys In UseThe average number of token keys currently occupied across all HSMs in the cluster between the poll interval.
HSM USAGE
Active HSM SessionsThe average number of active sessions across all HSMs in the cluster between the poll interval.
SSL Contexts in UseThe average number of end-to-end encrypted channels currently established across all HSMs in the cluster between the poll interval.
HSM USERS
User Slots OccupiedThe average number of user slots occupied across all HSMs in the cluster at the time of polling.
User Slots AvailableThe average number of users created in the HSM at the time of polling.
Users Slot LimitThe maximum number of user slots available across all HSMs in the cluster at the time of polling.
USER SLOT UTILIZATION
User Slot UtilizationThe average percentage of user slots occupied across all HSMs in the cluster at the time of polling (in %).
ETHERNET 2 DATA THROUGHPUT
Rate of Ethernet 2 Data ReceivedThe total amount of data received per minute on the Ethernet 2 interface between the poll interval (in MB/min).
Ethernet 2 Data ReceivedThe total amount of data received on the Ethernet 2 interface between the poll interval (in MB).
Rate of Ethernet 2 Data SentThe total amount of data sent per minute from the Ethernet Interface 2 between the poll interval (in MB/min).
Ethernet 2 Data SentThe total amount of data sent from the Ethernet 2 interface between the poll interval (in MB).
ETHERNET 2: RECEIVED VS. DROPPED PACKETS
Rate of Ethernet 2 Packets ReceivedThe total number of packets received per minute on the Ethernet 2 interface between the poll interval (in packets/min).
Ethernet 2 Packets ReceivedThe total number of packets received on the Ethernet 2 interface between the poll interval.
Rate of Ethernet 2 Incoming Packet DropsThe total number of incoming packets dropped per minute on the Ethernet 2 interface between the poll interval (in packets/min).
Ethernet 2 Incoming Packet DropsThe total number of incoming packets dropped on the Ethernet 2 interface for the specified HSM between the poll interval.
ETHERNET 2: SENT VS. DROPPED PACKETS
Rate of Ethernet 2 Packets SentThe total number of packets sent per minute from the Ethernet 2 interface between the poll interval (in packets/min).
Ethernet 2 Packets SentThe total number of packets sent from the Ethernet 2 interface between the poll interval.
Rate of Ethernet 2 Outgoing Packet DropsThe total number of outgoing packets dropped per minute on the Ethernet 2 interface between the poll interval (in packets/min).
Ethernet 2 Outgoing Packet DropsThe total number of outgoing packets dropped on the Ethernet 2 interface between the poll interval.
I/O ERRORS
Ethernet 2 Input ErrorsThe total number of input errors on the Ethernet 2 interface between the poll interval.
Ethernet 2 Output ErrorsThe total number of output errors on the Ethernet 2 interface between the poll interval.

HSM

ParameterDescription
HSM DETAILS
HSM IDThe HSM's identifier (ID).
IP AddressThe IP address of the HSM's elastic network interface (ENI).
Availability ZoneThe Availability Zone that contains the HSM.
SubnetThe subnet that contains the HSM's elastic network interface (ENI).
User Slots OccupiedThe average number of user slots occupied across all HSMs in the cluster at the time of polling.
User Slots AvailableThe average number of available user slots across all HSMs in the cluster at the time of polling.
HSM User Slot UtilizationThe average percentage of user slots occupied in a specific HSM within the cluster at the time of polling.
StateThe HSM's state.
Possible Values: CREATE_IN_PROGRESS | ACTIVE | DEGRADED | DELETE_IN_PROGRESS | DELETED
State MessageA description of the HSM's state.
HSM HealthThe health status of HSMs in the cluster at the time of polling, indicating if any HSM is currently healthy or unhealthy.
HSM STATISTICS
HSM IDThe HSM's identifier (ID).
Session Keys In UseThe average number of session keys being used by the specific HSM instance between the poll interval.
Token Keys In UseThe average number of token keys being used by the specific HSM instance between the poll interval.
Active HSM SessionsThe average number of active sessions for the specific HSM in the cluster between the poll interval.
SSL Contexts In UseThe average number of open connections to the HSM instance between the poll interval.
HSM TemperatureThe average temperature of the specific HSM in the cluster at the time of polling.

Configuration

ParameterDescription
CONFIGURATION
VPC IDThe identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
Security GroupThe identifier (ID) of the cluster's security group.
ModeThe mode of the cluster.
Possible Values: FIPS | NON_FIPS
HSM TypeThe type of HSM that the cluster contains.
Network TypeThe network type used by the cluster.
Possible Values: IPV4 | DUALSTACK
Creation DateThe date and time when the cluster was created.
Backup Retention PeriodThe number of days to retain backups.

Loved by customers all over the world

"Standout Tool With Extensive Monitoring Capabilities"

It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.

Reviewer Role: Research and Development

carlos-rivero
"I like Applications Manager because it helps us to detect issues present in our servers and SQL databases."
Carlos Rivero

Tech Support Manager, Lexmark

Trusted by over 6000+ businesses globally