
AWS CloudHSM Monitoring


AWS CloudHSM - Overview

AWS CloudHSM is a managed hardware security module (HSM) service that allows you to generate and use encryption keys securely while retaining full control. An HSM is a specialized computing device designed to handle cryptographic operations and securely store cryptographic keys. CloudHSM plays a critical role in protecting sensitive data, performing encryption tasks, and securing applications that require high-assurance key management.

Monitoring AWS CloudHSM is vital to ensuring security, performance, and compliance. Applications Manager's AWS CloudHSM monitoring tool tracks key network performance metrics such as data throughput and packet drops, ensuring seamless encryption operations. By proactively identifying issues like degraded HSMs or network failures, the tool helps maintain security compliance, optimize performance, and prevent disruptions in cryptographic services.

Creating a new AWS CloudHSM monitor

To learn how to create a new AWS CloudHSM monitor, refer here.

Monitored Parameters

Go to the Monitors Category View by clicking the Monitors tab. Click the CloudHSM instance listed under Amazon in the Cloud Apps section. The AWS CloudHSM bulk configuration view is displayed, divided into three tabs:

  • The Availability tab gives the availability history for the past 24 hours or 30 days.
  • The Performance tab gives the health status and events for the past 24 hours or 30 days.
  • The List view tab enables you to perform bulk admin configurations.

Clicking a monitor in the list takes you to the AWS CloudHSM dashboard, which includes the following tabs:

Performance Overview

Parameter: Description

CLUSTER INFORMATION
Cluster State: The cluster's state. Possible Values: CREATE_IN_PROGRESS | UNINITIALIZED | INITIALIZE_IN_PROGRESS | INITIALIZED | ACTIVE | UPDATE_IN_PROGRESS | MODIFY_IN_PROGRESS | ROLLBACK_IN_PROGRESS | DELETE_IN_PROGRESS | DELETED | DEGRADED
HSM Health Status: The health status of HSMs in the cluster at the time of polling, indicating if any HSM is currently healthy or unhealthy.
HSM Temperature: The average temperature of all HSMs in the cluster at the time of polling (in °C).
Number of HSMs: The total number of HSMs created in the cluster.

KEY USAGE: SESSION VS. TOKEN
Session Keys In Use: The average number of session keys currently occupied across all HSMs in the cluster during the poll interval.
Token Keys In Use: The average number of token keys currently occupied across all HSMs in the cluster during the poll interval.

HSM USAGE
Active HSM Sessions: The average number of active sessions across all HSMs in the cluster during the poll interval.
SSL Contexts in Use: The average number of end-to-end encrypted channels currently established across all HSMs in the cluster during the poll interval.

HSM USERS
User Slots Occupied: The average number of user slots occupied across all HSMs in the cluster at the time of polling.
User Slots Available: The average number of users created in the HSM at the time of polling.
Users Slot Limit: The maximum number of user slots available across all HSMs in the cluster at the time of polling.

USER SLOT UTILIZATION
User Slot Utilization: The average percentage of user slots occupied across all HSMs in the cluster at the time of polling (in %).

ETHERNET 2 DATA THROUGHPUT
Rate of Ethernet 2 Data Received: The total amount of data received per minute on the Ethernet 2 interface during the poll interval (in MB/min).
Ethernet 2 Data Received: The total amount of data received on the Ethernet 2 interface during the poll interval (in MB).
Rate of Ethernet 2 Data Sent: The total amount of data sent per minute from the Ethernet 2 interface during the poll interval (in MB/min).
Ethernet 2 Data Sent: The total amount of data sent from the Ethernet 2 interface during the poll interval (in MB).

ETHERNET 2: RECEIVED VS. DROPPED PACKETS
Rate of Ethernet 2 Packets Received: The total number of packets received per minute on the Ethernet 2 interface during the poll interval (in packets/min).
Ethernet 2 Packets Received: The total number of packets received on the Ethernet 2 interface during the poll interval.
Rate of Ethernet 2 Incoming Packet Drops: The total number of incoming packets dropped per minute on the Ethernet 2 interface during the poll interval (in packets/min).
Ethernet 2 Incoming Packet Drops: The total number of incoming packets dropped on the Ethernet 2 interface for the specified HSM during the poll interval.

ETHERNET 2: SENT VS. DROPPED PACKETS
Rate of Ethernet 2 Packets Sent: The total number of packets sent per minute from the Ethernet 2 interface during the poll interval (in packets/min).
Ethernet 2 Packets Sent: The total number of packets sent from the Ethernet 2 interface during the poll interval.
Rate of Ethernet 2 Outgoing Packet Drops: The total number of outgoing packets dropped per minute on the Ethernet 2 interface during the poll interval (in packets/min).
Ethernet 2 Outgoing Packet Drops: The total number of outgoing packets dropped on the Ethernet 2 interface during the poll interval.

I/O ERRORS
Ethernet 2 Input Errors: The total number of input errors on the Ethernet 2 interface during the poll interval.
Ethernet 2 Output Errors: The total number of output errors on the Ethernet 2 interface during the poll interval.

HSM

Parameter: Description

HSM DETAILS
HSM ID: The HSM's identifier (ID).
IP Address: The IP address of the HSM's elastic network interface (ENI).
Availability Zone: The Availability Zone that contains the HSM.
Subnet: The subnet that contains the HSM's elastic network interface (ENI).
User Slots Occupied: The average number of user slots occupied across all HSMs in the cluster at the time of polling.
User Slots Available: The average number of available user slots across all HSMs in the cluster at the time of polling.
HSM User Slot Utilization: The average percentage of user slots occupied in a specific HSM within the cluster at the time of polling.
State: The HSM's state. Possible Values: CREATE_IN_PROGRESS | ACTIVE | DEGRADED | DELETE_IN_PROGRESS | DELETED
State Message: A description of the HSM's state.
HSM Health: The health status of HSMs in the cluster at the time of polling, indicating if any HSM is currently healthy or unhealthy.

HSM STATISTICS
HSM ID: The HSM's identifier (ID).
Session Keys In Use: The average number of session keys being used by the specific HSM instance during the poll interval.
Token Keys In Use: The average number of token keys being used by the specific HSM instance during the poll interval.
Active HSM Sessions: The average number of active sessions for the specific HSM in the cluster during the poll interval.
SSL Contexts In Use: The average number of open connections to the HSM instance during the poll interval.
HSM Temperature: The average temperature of the specific HSM in the cluster at the time of polling.
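
The cluster state, per-HSM state, user slot, and packet drop parameters above can be combined into alert rules. The following Python example is added here for illustration and is not Applications Manager or AWS code; the snapshot dictionary keys, the 80% and 1% thresholds, and the policy of requiring ACTIVE HSMs in two Availability Zones are assumptions, and the sample poll is constructed.

```python
# Added example: triage one polled CloudHSM snapshot.
# Dictionary keys, thresholds and the two-zone policy are assumptions.
SLOT_WARN_PCT = 80.0  # assumed alert threshold for user slot utilization
DROP_WARN_PCT = 1.0   # assumed alert threshold for incoming packet drops

def pct(part, whole):
    """Percentage that stays defined when the denominator is zero (idle interval)."""
    return 100.0 * part / whole if whole else 0.0

def triage(snap):
    """Return a list of (severity, message) findings for one poll."""
    findings = []
    state = snap["cluster_state"]
    if state == "DEGRADED":
        findings.append(("critical", "cluster is DEGRADED"))
    elif state != "ACTIVE":
        findings.append(("warning", f"cluster not serving normally: {state}"))
    for h in snap["hsms"]:
        if h["state"] == "DEGRADED":
            findings.append(("critical", f"{h['hsm_id']} is DEGRADED: {h['state_message']}"))
        elif h["state"] != "ACTIVE":
            findings.append(("warning", f"{h['hsm_id']} is {h['state']}"))
    # Assumed policy: ACTIVE HSMs should span at least two Availability Zones.
    active_zones = {h["az"] for h in snap["hsms"] if h["state"] == "ACTIVE"}
    if len(active_zones) < 2:
        findings.append(("warning", "ACTIVE HSMs cover fewer than two Availability Zones"))
    util = pct(snap["user_slots_occupied"], snap["user_slot_limit"])
    if util >= SLOT_WARN_PCT:
        findings.append(("warning", f"user slot utilization {util:.1f}%"))
    drops = pct(snap["eth2_in_drops"], snap["eth2_packets_received"])
    if drops >= DROP_WARN_PCT:
        findings.append(("warning", f"incoming packet drops {drops:.2f}% of received"))
    return findings

# Constructed sample poll (not real data).
SAMPLE = {
    "cluster_state": "DEGRADED",
    "hsms": [
        {"hsm_id": "hsm-example-a", "az": "zone-a", "state": "ACTIVE", "state_message": ""},
        {"hsm_id": "hsm-example-b", "az": "zone-b", "state": "DEGRADED",
         "state_message": "example message"},
    ],
    "user_slots_occupied": 90, "user_slot_limit": 100,
    "eth2_packets_received": 20000, "eth2_in_drops": 50,
}

if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"{severity:8} {message}")
```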

Configuration

Parameter: Description

CONFIGURATION
VPC ID: The identifier (ID) of the virtual private cloud (VPC) that contains the cluster.
Security Group: The identifier (ID) of the cluster's security group.
Mode: The mode of the cluster. Possible Values: FIPS | NON_FIPS
HSM Type: The type of HSM that the cluster contains.
Network Type: The network type used by the cluster. Possible Values: IPV4 | DUALSTACK
Creation Date: The date and time when the cluster was created.
Backup Retention Period: The number of days to retain backups.
