AWS CloudHSM Monitoring
Overview
AWS CloudHSM is a managed hardware security module (HSM) service that lets you generate and use your own encryption keys securely while retaining full control of them. An HSM is a specialized computing device designed to perform cryptographic operations and to store cryptographic keys securely. CloudHSM plays a key role in protecting sensitive data, carrying out cryptographic tasks, and securing applications that require high-assurance key management.
Monitoring AWS CloudHSM is essential for ensuring security, performance, and compliance. The AWS CloudHSM monitor in Applications Manager tracks key network performance metrics such as data throughput and packet drops so that cryptographic operations keep running smoothly. By proactively identifying problems such as HSM degradation and network failures, it helps you maintain security compliance, optimize performance, and prevent interruptions to cryptographic services.
Adding a new monitor
For instructions on creating a new AWS CloudHSM monitor, refer here.
Monitored parameters
Click the Monitors tab to go to the Monitor Category view. Under Amazon in the Cloud Apps section, click the CloudHSM instance. The CloudHSM bulk configuration view is displayed, divided into three tabs.
- The Availability tab shows the availability history for the past 24 hours or 30 days.
- The Performance tab shows the status and events for the past 24 hours or 30 days.
- The List view allows bulk management configuration.
Click a monitor in the list to go to the AWS CloudHSM dashboard, which contains the following tabs.
パフォーマンス概要
| Parameter | Description |
|---|---|
| CLUSTER INFORMATION | |
| Cluster State | The cluster's state. Possible values: CREATE_IN_PROGRESS, UNINITIALIZED, INITIALIZE_IN_PROGRESS, INITIALIZED, ACTIVE, UPDATE_IN_PROGRESS, MODIFY_IN_PROGRESS, ROLLBACK_IN_PROGRESS, DELETE_IN_PROGRESS, DELETED, DEGRADED. |
| HSM Health Status | The health status of the HSMs in the cluster at the time of polling, indicating whether any HSM is currently unhealthy. |
| HSM Temperature | The average temperature of all HSMs in the cluster at the time of polling (in °C). |
| Number of HSMs | The total number of HSMs created in the cluster. |
| KEY USAGE: SESSION VS. TOKEN | |
| Session Keys In Use | The average number of session keys in use across all HSMs in the cluster over the polling interval. |
| Token Keys In Use | The average number of token keys in use across all HSMs in the cluster over the polling interval. |
| HSM USAGE | |
| Active HSM Sessions | The average number of active sessions across all HSMs in the cluster over the polling interval. |
| SSL Contexts in Use | The average number of end-to-end encrypted channels (SSL contexts) established across all HSMs in the cluster over the polling interval. |
| HSM USERS | |
| User Slots Occupied | The average number of user slots occupied across all HSMs in the cluster at the time of polling. |
| User Slots Available | The average number of unused user slots still available across all HSMs in the cluster at the time of polling. |
| User Slot Limit | The maximum number of user slots across all HSMs in the cluster at the time of polling. |
| USER SLOT UTILIZATION | |
| User Slot Utilization | The average percentage of user slots occupied across all HSMs in the cluster at the time of polling (in %). |
| ETHERNET 2 DATA THROUGHPUT | |
| Rate of Ethernet 2 Data Received | The amount of data received per minute on the Ethernet 2 interface over the polling interval (in MB/min). |
| Ethernet 2 Data Received | The total amount of data received on the Ethernet 2 interface over the polling interval (in MB). |
| Rate of Ethernet 2 Data Sent | The amount of data sent per minute from the Ethernet 2 interface over the polling interval (in MB/min). |
| Ethernet 2 Data Sent | The total amount of data sent from the Ethernet 2 interface over the polling interval (in MB). |
| ETHERNET 2: RECEIVED VS. DROPPED PACKETS | |
| Rate of Ethernet 2 Packets Received | The number of packets received per minute on the Ethernet 2 interface over the polling interval (in packets/min). |
| Ethernet 2 Packets Received | The total number of packets received on the Ethernet 2 interface over the polling interval. |
| Rate of Ethernet 2 Incoming Packet Drops | The number of incoming packets dropped per minute on the Ethernet 2 interface over the polling interval (in packets/min). |
| Ethernet 2 Incoming Packet Drops | The total number of incoming packets dropped on the Ethernet 2 interface over the polling interval. |
| ETHERNET 2: SENT VS. DROPPED PACKETS | |
| Rate of Ethernet 2 Packets Sent | The number of packets sent per minute from the Ethernet 2 interface over the polling interval (in packets/min). |
| Ethernet 2 Packets Sent | The total number of packets sent from the Ethernet 2 interface over the polling interval. |
| Rate of Ethernet 2 Outgoing Packet Drops | The number of outgoing packets dropped per minute on the Ethernet 2 interface over the polling interval (in packets/min). |
| Ethernet 2 Outgoing Packet Drops | The total number of outgoing packets dropped on the Ethernet 2 interface over the polling interval. |
| I/O ERRORS | |
| Ethernet 2 Input Errors | The total number of input errors on the Ethernet 2 interface over the polling interval. |
| Ethernet 2 Output Errors | The total number of output errors on the Ethernet 2 interface over the polling interval. |
HSM
| Parameter | Description |
|---|---|
| HSM DETAILS | |
| HSM ID | The HSM's identifier (ID). |
| IP Address | The IP address of the HSM's elastic network interface (ENI). |
| Availability Zone | The Availability Zone that contains the HSM. |
| Subnet | The subnet that contains the HSM's elastic network interface (ENI). |
| User Slots Occupied | The average number of user slots occupied in this HSM at the time of polling. |
| User Slots Available | The average number of unused user slots still available in this HSM at the time of polling. |
| HSM User Slot Utilization | The average percentage of user slots occupied in this HSM at the time of polling (in %). |
| State | The HSM's state. Possible values: CREATE_IN_PROGRESS, ACTIVE, DEGRADED, DELETE_IN_PROGRESS, DELETED. |
| State Message | A description of the HSM's state. |
| HSM Health | The health status of this HSM at the time of polling, indicating whether it is currently healthy or unhealthy. |
| HSM STATISTICS | |
| HSM ID | The HSM's identifier (ID). |
| Session Keys In Use | The average number of session keys in use by this HSM over the polling interval. |
| Token Keys In Use | The average number of token keys in use by this HSM over the polling interval. |
| Active HSM Sessions | The average number of active sessions on this HSM over the polling interval. |
| SSL Contexts In Use | The average number of open SSL connections (SSL contexts) to this HSM over the polling interval. |
| HSM Temperature | The average temperature of this HSM at the time of polling (in °C). |
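The checks that the two tables above imply, written out as an added example (this is not Applications Manager's or AWS's own code): it flags any cluster or HSM whose state is not ACTIVE, turns cumulative Ethernet 2 counters from two consecutive polls into the per-minute rate and drop-percentage figures the dashboard shows, and computes User Slot Utilization from the occupied count and the slot limit. The cluster dictionary is a constructed sample shaped like the AWS CloudHSM DescribeClusters response (the field names ClusterId, State, Hsms, HsmId, EniIp, AvailabilityZone and StateMessage are assumed to follow that API); every counter value and threshold is invented for the example.

```python
"""Health checks and derived metrics for the CloudHSM dashboard tables above.

Added example, not code from Applications Manager or AWS. SAMPLE_CLUSTER is a
constructed sample shaped like the AWS CloudHSM DescribeClusters response
(assumed field names: ClusterId, State, Hsms, HsmId, EniIp, AvailabilityZone,
StateMessage); the poll samples and thresholds are invented for this example.
"""
from typing import Dict, List, Optional

HEALTHY_STATE = "ACTIVE"  # steady-state value; every other state is transient or a fault

SAMPLE_CLUSTER: Dict = {
    "ClusterId": "cluster-sample",  # constructed
    "State": "ACTIVE",
    "Hsms": [
        {"HsmId": "hsm-sample-a", "State": "ACTIVE", "AvailabilityZone": "us-east-1a",
         "EniIp": "10.0.1.10", "StateMessage": "HSM created."},
        {"HsmId": "hsm-sample-b", "State": "DEGRADED", "AvailabilityZone": "us-east-1b",
         "EniIp": "10.0.2.10", "StateMessage": "HSM is degraded."},
    ],
}

# Two consecutive polls, five minutes apart, of cumulative Ethernet 2 counters
# and the user-slot gauges (constructed values).
POLL_INTERVAL_MIN = 5
PREVIOUS_POLL = {"eth2_packets_in": 1_000_000, "eth2_drops_in": 10,
                 "user_slots_occupied": 120, "user_slot_limit": 1024}
CURRENT_POLL = {"eth2_packets_in": 1_300_000, "eth2_drops_in": 70,
                "user_slots_occupied": 120, "user_slot_limit": 1024}


def state_findings(cluster: Dict) -> List[str]:
    """One finding per cluster/HSM whose state is not ACTIVE, plus a redundancy check."""
    findings: List[str] = []
    if cluster["State"] != HEALTHY_STATE:
        findings.append(f"cluster {cluster['ClusterId']} is {cluster['State']}")
    active_zones = set()
    for hsm in cluster.get("Hsms", []):
        if hsm["State"] == HEALTHY_STATE:
            active_zones.add(hsm["AvailabilityZone"])
        else:
            findings.append(f"hsm {hsm['HsmId']} ({hsm['AvailabilityZone']}) is "
                            f"{hsm['State']}: {hsm.get('StateMessage', '')}")
    # AWS recommends at least two HSMs in different Availability Zones for production.
    if len(active_zones) < 2:
        findings.append(f"only {len(active_zones)} Availability Zone(s) with an ACTIVE HSM")
    return findings


def per_minute_rate(previous: int, current: int, interval_min: float) -> Optional[float]:
    """Rate of a cumulative counter over the polling interval (units/min).

    Returns None when the counter went backwards (HSM replaced or rebooted) so the
    caller skips the interval instead of alerting on a bogus negative rate.
    """
    if current < previous or interval_min <= 0:
        return None
    return (current - previous) / interval_min


def drop_percentage(previous: Dict, current: Dict) -> float:
    """Incoming packets dropped as a percentage of packets received over the interval."""
    packets = current["eth2_packets_in"] - previous["eth2_packets_in"]
    drops = current["eth2_drops_in"] - previous["eth2_drops_in"]
    return 100.0 * drops / packets if packets > 0 else 0.0


def user_slot_utilization(occupied: int, limit: int) -> float:
    """User Slot Utilization (%) as shown on the dashboard: occupied / limit."""
    return 100.0 * occupied / limit if limit > 0 else 0.0


def evaluate(cluster: Dict, previous: Dict, current: Dict, interval_min: float,
             drop_pct_threshold: float = 0.01, slot_pct_threshold: float = 80.0) -> List[str]:
    """Combine the state, packet-drop and user-slot checks into a list of alert strings."""
    alerts = state_findings(cluster)
    drop_rate = per_minute_rate(previous["eth2_drops_in"], current["eth2_drops_in"], interval_min)
    drop_pct = drop_percentage(previous, current)
    if drop_rate is not None and drop_pct > drop_pct_threshold:
        alerts.append(f"eth2 incoming drops {drop_rate:.1f}/min ({drop_pct:.3f}% of received)")
    utilization = user_slot_utilization(current["user_slots_occupied"], current["user_slot_limit"])
    if utilization > slot_pct_threshold:
        alerts.append(f"user slot utilization {utilization:.1f}% exceeds {slot_pct_threshold}%")
    return alerts


if __name__ == "__main__":
    for line in evaluate(SAMPLE_CLUSTER, PREVIOUS_POLL, CURRENT_POLL, POLL_INTERVAL_MIN):
        print("ALERT:", line)
```

Two design points worth copying into a real poller: a counter that goes backwards is treated as a reset and the interval is skipped rather than reported as a negative rate, and the drop check compares drops against packets received in the same interval, since an absolute drop count is meaningless without the traffic volume it occurred in.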
Configuration
| Parameter | Description |
|---|---|
| CONFIGURATION | |
| VPC ID | The identifier (ID) of the virtual private cloud (VPC) that contains the cluster. |
| Security Group | The identifier (ID) of the cluster's security group. |
| Mode | The mode of the cluster. Possible values: FIPS, NON_FIPS. |
| HSM Type | The type of HSM that the cluster contains. |
| Network Type | The network type used by the cluster. Possible values: IPV4, DUALSTACK. |
| Creation Date | The date and time when the cluster was created. |
| Backup Retention Period | The number of days to retain backups. |