PayShield HSM Device extension
- Latest Dynatrace
- Extension
Monitor PayShield Payment Hardware Security Module (HSM) Devices through SNMP.
Get started
Overview
Monitor PayShield HSM devices via SNMP to ensure secure and reliable payment operations.
This extension collects metrics to monitor the health and performance of your PayShield Payment HSM devices. Metrics are collected via SNMP protocol.
The extension package contains:
- SNMP Data Source configuration
- Overview dashboard (Classic & Gen3)
- Custom topology types extracted from metric dimensions:
- Payshield HSM Device
- Payshield HSM Device Fan
- Payshield HSM Device PSU
- SNMP MIB files used for monitoring:
- THALES-ESECURITY-PAYSHIELD-MIB
Use cases
- Monitor important device information and metrics related to fraud PIN limits, licensing data, health diagnostic checks, host and log commands.
- Track status markers for devices, fans and power supply units (PSUs).
Requirements
Simply activate the extension in your environment using the in-product Hub, provide the necessary device configuration and you’re all set up.
To learn more, see SNMP extension data source documentation.
Compatibility information
- SNMP v2c or SNMP v3
- Dynatrace version 1.310+
- ActiveGate version 1.301+
Details
Licensing and costs
There is no charge to use the extension. You are only charged for the data that the extension ingests.
The PayShield HSM Device extension ingests custom metrics, which consume Davis Data Units (DDUs) (Dynatrace classic license) or Metrics powered by Grail (DPS), according to your license model.
Metric data points per minute per device:
20 + (1 * Device Fans) + (1 * Device PSUs)
Dynatrace Platform Subscription
In the Dynatrace Platform Subscription, metric ingestion consumes Metrics powered by Grail according to the number of ingested metric data points.
To calculate the approximate yearly consumption, apply the following calculation: <metric data points per minute> * 60 minutes * 24 hours * 365 days.
Dynatrace classic license
In the classic licensing model, metric ingestion consumes Davis Data Units (DDUs) at the rate of .001 DDUs per metric data point. Multiply the above formula for annual data points by .001 to estimate annual DDU usage.
The DDU cost above does not include any possible log events or custom events that are triggered by the extension. For more information, see DDU events.
Feature sets
When activating your extension using a monitoring configuration, you can limit monitoring to one of the feature sets. To work properly, the extension has to collect at least one metric after the activation.
In highly segmented networks, feature sets can reflect the segments of your environment. Then, when you create a monitoring configuration, you can select a feature set and a corresponding ActiveGate group that can connect to this particular segment.
All metrics that aren't categorized into any feature set are considered to be the default and are always reported.
A metric inherits the feature set of a subgroup, which in turn inherits the feature set of a group. Also, the feature set defined on the metric level overrides the feature set defined on the subgroup level, which in turn overrides the feature set defined on the group level.
Fraud PIN
| Metric name | Metric key | Description |
|---|---|---|
| Fraud PIN verify limits exceeded | hsm.payshield.fraud_pin.limits_exceeded.verify | 1 if fraud detection is turned on, and either the allowable PIN verifications/minute, or PIN verifications/hour, have been exceeded |
| Fraud PIN attack limits exceeded | hsm.payshield.fraud_pin.limits_exceeded.attack | 1 if fraud detection is turned on, AND the total number of PIN attacks have exceeded the allowed count |
Host and log commands
| Metric name | Metric key | Description |
|---|---|---|
| payShield host commands enabled | hsm.payshield.enabled_host_commands | The number of host commands enabled on this payShield |
| payShield total entries in error log | hsm.payshield.logs.error_log.total_count.gauge | Total number of entries in the error log |
| payShield max length in error log | hsm.payshield.logs.error_log.max_length | Maximum number of entries in the error log |
| payShield total entries in audit log | hsm.payshield.logs.audit_log.total_count.gauge | Total number of entries in the audit log |
| payShield max length in in audit log | hsm.payshield.logs.audit_log.max_length | Maximum number of entries in the audit log |
Fan state
| Metric name | Metric key | Description |
|---|---|---|
| Fan state | hsm.payshield.state.fan | The current state of this fan (1- stateOK, 2- stateFailure, 3- stateNotDetected) |
PSU state
| Metric name | Metric key | Description |
|---|---|---|
| PSU state | hsm.payshield.state.psu | Indicates the current state of this power supply unit (1- stateOK, 2- stateFailure, 3- stateNotDetected) |
payShield state
| Metric name | Metric key | Description |
|---|---|---|
| payShield device state | hsm.payshield.state.device | The current state of the payShield (1- stateUnavailable, 2- stateOnline, 3- stateOffline, 4- stateSecure) |
default
| Metric name | Metric key | Description |
|---|---|---|
| Tamper state | hsm.payshield.state.tamper | The tamper state of the payShield device (1- stateUnknown, 2- stateOK, 3- stateTampered) |
| Battery state | hsm.payshield.state.battery | The current state of the battery (1- stateOK, 2- stateWarning, 3- stateFailure) |
| Payshield HSM software | hsm.payshield.version_software.entity | Placeholder metric for software version info dimensions (only dimension data is relevant) |
Health checks
| Metric name | Metric key | Description |
|---|---|---|
| Diagnostic self-test status | hsm.payshield.health.diag_selftest.ok | True (1) unless one or more of the tests in the last self test failed |
| Diagnostic self-test count | hsm.payshield.health.diag_selftest.count.gauge | The number of self tests run last test cycle on this payShield |
| Health check enabled | hsm.payshield.health.healthcheck.enabled | Whether the payShield is presently collecting health check data (1- True, 2- False) |
| payShield reboot count | hsm.payshield.health.healthcheck.counts.reboot | Number of times the payShield rebooted since the last reset of health counters |
| payShield tamper count | hsm.payshield.health.healthcheck.counts.tamper | The number of tampers detected since the last reset of health counters |
| payShield pin attack limit exceeded count | hsm.payshield.health.healthcheck.counts.pin_attack_limit_exceeded | The number of times the pin attack limit was exceeded since the last reset of health counters |
Licensing
| Metric name | Metric key | Description |
|---|---|---|
| Licensing performance model | hsm.payshield.licensing.performance_model | The maximum calls per second this payShield unit is licensed for |
| Optional licensing count | hsm.payshield.licensing.optional.license_count.gauge | The number of optional licenses this payShield unit has installed |
| Cryptographic algorithm count | hsm.payshield.licensing.crypto_algorithm_count.gauge | The number of Cryptographic Algorithms enabled by the payShield's licensing |
