# IBM

IBM hardware security modules (HSM) are fully compatible with Ripple Custody. IBM offers solutions for both on-premise and cloud key management.

For on-premise deployments with an IBM HSM, contact your Ripple liaison.

## On-premise

The IBM on-premise Ripple Custody implementation uses:

- IBM LinuxONE: A dedicated computing server with an integrated HSM
- CryptoExpress 6S (CEX6S)


The current HSM is FIPS 140-2 Level 4 certified. The HSM fully supports BIP32 and SLIP-10 derivation schemes.

The vault is securely deployed to an HPVS. You can deploy the other parts of the Ripple Custody stack to other logical partitions within the same device.

With IBM on-premise, you are fully in control of your own data and keys. You can deploy one or multiple vaults to several logical partitions of LinuxONE. You can implement both connected hot vaults and disconnected cold vaults.

### Key generation

The HSM is initialized with a trusted key entry (TKE) ceremony.

For more information, see What is TKE?

The standard key generation process is as follows:

1. On configuration of the vault to use the HSM, the vault requests the HSM to securely generate a seed.
2. The HSM generates the seed, encrypts the seed, and returns the encrypted seed to the vault. You can store the encrypted seed in a location of your choice, since it's not readable outside the HSM.
3. On creation of a new account, the HSM securely generates account keys through a deterministic derivation from the seed, using the SLIP-10 algorithm.


You can also request generation of account keys in a completely random manner, with no seed. We do not recommend this approach.

For more information, see [Key derivation](/products/custody/v1.19/overview/blockchain/accounts/key-derivation).

### Database backups

We highly recommend that you synchronously replicate the database backup right from the beginning, as the database is the source of truth.

## Cloud

The IBM Cloud implementation uses a hybrid model, consisting of:

- IBM Cloud high-performance-computing (HPC) with GREP11 API
- Ripple Cloud


IBM Cloud offers the same level of security as on-premise IBM, with the convenience of a cloud-managed service. The IBM Cloud HSM service is currently FIPS 140-2 Level 4 certified. The HSM fully supports BIP32 and SLIP-10 derivation schemes.

The vault is securely deployed to an HPVS, while the core and governance layer is hosted by Ripple in Ripple Cloud.

The division of responsibility in a cloud deployment is as follows:

- Your responsibilities: Deployment and monitoring of the health of the secure components in IBM Cloud.
- Ripple's responsibilities: Component updates and database backups.


As with on-premise, you can implement both connected hot vaults and disconnected cold vaults.

### Key generation

The same key generation process is followed as in an on-premise deployment.

### Database backups

Since the database is in the Ripple Cloud environment, regular database backups are performed by Ripple according to industry best practices.