Tutorial: Use a VPN to access the payShield manager for your payment HSM
After you Create an Azure Payment HSM, you can connect to its payShield manager through your browser.
To connect to payShield manager, you need to have an on-premises, standard PC with a supported web-browser, together with the USB connected payShield Manager Reader and payShield Manager smart cards. Users connect to the payShield 10K via HTTP(s) using a configured management NIC IP address.
You need a minimum of five smart cards (three cards for a CTA set, a Left Key Card and a Right Key Card) and one reader. See Thales's payShield 10K Installation and User Guide for the detailed instructions.
Sample deployment scenarios
Here are two sample scenarios for connecting to payShield manager for your payment HSM.
Sample deployment 1:
Sample deployment 2:
To access payShield manager from your on-premises PC, directly connect to HSMMgmtNic private IP address (10.1.0.4)
Next steps
When you can access payShield Manager, proceed to the steps for HSM commissioning, HSM configuration, and loading LMKs:
- Install the smart card reader driver.
- Install the Thales browser extension and local application component.
- Commission your payShield.
- Do the initial configuration steps.
- Generate and install LMKs.
- Test the API.
Please follow Thales’s payShield 10K Installation and User Guide for the detailed instructions, and contact Thales support if there are any issues.
Microsoft maintains a base firmware across the fleet, you can check the base firmware version from the HSM allocated, or check the support guide. You must upgrade the firmware based on your requirements.
More resources:
- Read an Overview of Payment HSM
- Find out how to get started with Azure Payment HSM
- Create a payment HSM