title | description | services | ms.service | author | ms.author | ms.date | ms.topic | ms.devlang | ms.custom |
---|---|---|---|---|---|---|---|---|---|
Quickstart - Create an Azure Payment HSM with Azure PowerShell | Create, show, list, update, and delete Azure Payment HSMs by using Azure PowerShell | payment-hsm | payment-hsm | msmbaldwin | mbaldwin | 01/30/2024 | quickstart | azurepowershell | devx-track-azurepowershell |
[!INCLUDE Payment HSM intro]
This quickstart describes how you can create an Azure Payment HSM using the Az.DedicatedHsm PowerShell module.
[!INCLUDE Specialized service]
- You must register the "Microsoft.HardwareSecurityModules" and "Microsoft.Network" resource providers, as well as the Azure Payment HSM features. Steps for doing so are at Register the Azure Payment HSM resource provider and resource provider features.
[!WARNING] You must apply the "FastPathEnabled" feature flag to every subscription ID, and add the "fastpathenabled" tag to every virtual network. For more information, see Fastpathenabled.
To quickly ascertain if the resource providers and features are already registered, use the Azure PowerShell Get-AzProviderFeature cmdlet:
Get-AzProviderFeature -FeatureName "AzureDedicatedHsm" -ProviderNamespace Microsoft.HardwareSecurityModules
Get-AzProviderFeature -FeatureName "FastPathEnabled" -ProviderNamespace Microsoft.Network
You can continue with this quickstart if both commands return a "RegistrationState" of "Registered".
- You must have an Azure subscription. You can create a free account if you don't have one.
If you have more than one Azure subscription, set the subscription to use for billing with the Azure PowerShell Set-AzContext cmdlet.
Set-AzContext -Subscription "<subscription-id>"
[!INCLUDE azure-powershell-requirements-no-header.md]
- You must install the Az.DedicatedHsm PowerShell module:
Install-Module -Name Az.DedicatedHsm
[!INCLUDE Create a resource group with the Azure PowerShell]
Before creating a payment HSM, you must first create a virtual network and a subnet.
First, set some variables for use in the subsequent operations:
$VNetAddressPrefix = @("10.0.0.0/16")
$SubnetAddressPrefix = "10.0.0.0/24"
$tags = @{fastpathenabled="true"}
Use the Azure PowerShell New-AzDelegation cmdlet to create a service delegation to be added to your subnet, and save the output to the $myDelegation variable:
$myDelegation = New-AzDelegation -Name "myHSMDelegation" -ServiceName "Microsoft.HardwareSecurityModules/dedicatedHSMs"
Use the Azure PowerShell New-AzVirtualNetworkSubnetConfig cmdlet to create a virtual network subnet configuration, and save the output to the $myPHSMSubnetConfig variable:
$myPHSMSubnetConfig = New-AzVirtualNetworkSubnetConfig -Name "myPHSMSubnet" -AddressPrefix $SubnetAddressPrefix -Delegation $myDelegation
Note
The New-AzVirtualNetworkSubnetConfig cmdlet will generate a warning, which you can safely ignore.
To create an Azure Virtual Network, use the Azure PowerShell New-AzVirtualNetwork cmdlet:
New-AzVirtualNetwork -Name "myVNet" -ResourceGroupName "myResourceGroup" -Location "EastUS" -Tag $tags -AddressPrefix $VNetAddressPrefix -Subnet $myPHSMSubnetConfig
To verify that the virtual network was created correctly, use the Azure PowerShell Get-AzVirtualNetwork cmdlet:
Get-AzVirtualNetwork -Name "myVNet" -ResourceGroupName "myResourceGroup"
Make note of the subnet's Id value in the output, as it is used in the next step. The Id is in the format:
"Id": "/subscriptions/<subscriptionID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/myPHSMSubnet",
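The prerequisites and network steps above can be checked in one pass before the HSM is requested. The following script is an added example, not part of the original quickstart: it confirms both feature registrations, the fastpathenabled tag on the virtual network, and the subnet delegation, then captures the subnet Id. It assumes the resource names used in this quickstart and a signed-in Az session.

```powershell
# Added example: preflight checks before calling New-AzDedicatedHsm.
# Resource names are the ones used in this quickstart; change them to match yours.
$ErrorActionPreference = 'Stop'
$rgName           = 'myResourceGroup'
$vnetName         = 'myVNet'
$subnetName       = 'myPHSMSubnet'
$delegatedService = 'Microsoft.HardwareSecurityModules/dedicatedHSMs'

# 1. Both features must report RegistrationState = Registered.
$features = @(
    @{ FeatureName = 'AzureDedicatedHsm'; ProviderNamespace = 'Microsoft.HardwareSecurityModules' },
    @{ FeatureName = 'FastPathEnabled';   ProviderNamespace = 'Microsoft.Network' }
)
foreach ($f in $features) {
    $state = (Get-AzProviderFeature @f).RegistrationState
    if ($state -ne 'Registered') {
        throw "Feature $($f.ProviderNamespace)/$($f.FeatureName) is '$state', expected 'Registered'."
    }
}

# 2. The virtual network must carry the fastpathenabled tag.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
# -eq on strings ignores case, so 'FastPathEnabled' and 'fastpathenabled' both match.
$tagKey = @($vnet.Tag.Keys) | Where-Object { $_ -eq 'fastpathenabled' } | Select-Object -First 1
if (-not $tagKey -or $vnet.Tag[$tagKey] -ne 'true') {
    throw "Virtual network '$vnetName' is missing the tag fastpathenabled=true."
}

# 3. The subnet must exist and be delegated to the dedicated HSM service.
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
if (-not $subnet) {
    throw "Subnet '$subnetName' was not found in '$vnetName'."
}
if ($subnet.Delegations.ServiceName -notcontains $delegatedService) {
    throw "Subnet '$subnetName' is not delegated to $delegatedService."
}

# 4. Capture the subnet Id for the -SubnetId parameter of New-AzDedicatedHsm.
$subnetId = $subnet.Id
Write-Output "Preflight passed. Subnet Id: $subnetId"
```

If every check passes, $subnetId holds the value to supply as "<subnet-id>" in the next step.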
To create a payment HSM, use the New-AzDedicatedHsm cmdlet and the subnet ID from the previous step:
New-AzDedicatedHsm -Name "myPaymentHSM" -ResourceGroupName "myResourceGroup" -Location "East US" -Sku "payShield10K_LMK1_CPS60" -StampId "stamp1" -SubnetId "<subnet-id>"
The output of payment HSM creation looks like this:
Name  Provisioning State SKU                     Location
----  ------------------ ---                     --------
myHSM Succeeded          payShield10K_LMK1_CPS60 East US
To see your payment HSM and its properties, use the Azure PowerShell Get-AzDedicatedHsm cmdlet.
Get-AzDedicatedHsm -Name "myPaymentHSM" -ResourceGroupName "myResourceGroup"
To list all of your payment HSMs, use the Get-AzDedicatedHsm cmdlet with no parameters.
To get more information on your payment HSM, you can use the Get-AzResource cmdlet, specifying the resource group, and "Microsoft.HardwareSecurityModules/dedicatedHSMs" as the resource type:
Get-AzResource -ResourceGroupName "myResourceGroup" -ResourceType "Microsoft.HardwareSecurityModules/dedicatedHSMs"
To remove your payment HSM, use the Azure PowerShell Remove-AzDedicatedHsm cmdlet. The following example deletes the myPaymentHSM payment HSM from the myResourceGroup resource group:
Remove-AzDedicatedHsm -Name "myPaymentHSM" -ResourceGroupName "myResourceGroup"
[!INCLUDE Delete a resource group with Azure PowerShell]
In this quickstart, you created a payment HSM, viewed and updated its properties, and deleted it. To learn more about Payment HSM and how to integrate it with your applications, continue on to these articles.
- Read an Overview of Payment HSM
- Find out how to get started with Azure Payment HSM
- See some common deployment scenarios
- Learn about Certification and compliance
- Read the frequently asked questions