Service guides - Futurex Documentation

TheServices page contains a list of available and deployed third-party integrations and custom tools to enhance your CryptoHub’s function. This section provides detailed technical documentation to help integrate third-party applications with the Futurex CryptoHub.

What is a service?

Services are deployable CryptoHub tools that you can add to your unit. Most services add third-party features to your unit, enabling you to incorporate functions like Google Cloud Key Management and more. Other services include CryptoHub tools built by our engineers to support complicated workflows, such as our Payment Key Injection services that simplify PED injections. These services can be managed in the Services page, but they’re also accessible in their relevant tool page in the left-side menu.

SeeManaging services andService logs for administrative guides and documentation.

Futurex certification process

The Futurex certification process is a rigorous and standardized approach to testing and certifying integrations between third-party applications and the Futurex CryptoHub. The certification process ensures that we fully test and validate third-party application integrations in a lab environment before deploying them in a production environment. Our integration Engineering team implements this process so that you can be confident that third-party applications integrate seamlessly with Futurex CryptoHub devices and that all operations result in the expected behavior. The certification process involves several steps, including research, testing, troubleshooting, and certification, and is fully documented in an integration guide for each integration. The full process includes the following steps:

Research the third-party application to gain a general understanding of the solution and the protocol it uses to integrate with an HSM or KMS device (such as PKCS #11, Microsoft CNG, JCE, OpenSSL Engine, and KMIP).
Determine the scope of the third-party application use of the HSM or KMS device, including the specific functionalities it uses (for example, data encryption, key protection, entropy, and so on).
Install and configure the third-party application in a lab environment, where all testing and validation take place.
Establish a connection between the third-party application and the CryptoHub, which typically involves configuring TLS certificates and creating roles and identities that the third-party application uses to connect and authenticate to CryptoHub.
Initiate a request from the third-party application to the CryptoHub, such as generating keys or certificates, encrypting or decrypting data, or performing other cryptographic functions.
If any errors occur during the testing process, the Integration Engineering team diagnoses the issues and takes necessary corrective actions. If necessary, the team also documents the errors by creating engineering change requests (ECRs) to ensure all issues are addressed and resolved before certification.
After any necessary engineering changes have been made, the team performs a new end-to-end test to ensure that all errors are resolved and all operations are successful.
Certify the integration by creating an integration guide that covers all necessary prerequisites, lists configurations required in both the third-party application and CryptoHub, and provides instructions to test functionality.

By following these steps, we ensure that the integration between the third-party application and the Futurex CryptoHub is fully tested and validated and that we resolve any errors or issues before we certify the integration as fully supported.

Integration guide organization

This section contains guides that result from a rigorous certification process in which our Integration Engineering team thoroughly tests and validates each integration in a lab environment before certifying it for customer deployment. Each integration guide is specific to a particular third-party application and explains how to integrate those applications with the CryptoHub by using supported protocols such as PKCS #11, Microsoft CNG, JCE, OpenSSL Engine, KMIP, and more.

This guide assumes you have a solid technical understanding of the third-party application, cryptographic concepts, and basic networking.

The following process shows the typical organization of our integration guides:

Before you start: Covers supported hardware models, OS versions, third-party software, and other prerequisites.
Deploy the integration in CryptoHub: Provides a straightforward wizard-based deployment for the integration service you are deploying.
Create an Endpoint for the service: Explains how to create new endpoints for the service, making it easy for the third-party application to connect and authenticate to the CryptoHub.
Configure the third-party application: Shows how to configure the application to connect to the Futurex device and use its cryptographic functionalities.
Test the integration: Provides test cases and expected results to validate that the integration works end-to-end for key use cases properly.
Troubleshoot common issues: Offers tips for diagnosing and resolving common errors or issues seen with the integration.