Adding or removing crypto units

Step 1: Request to add crypto units

To add or remove crypto units, you need to first raise a support ticket.

1. In your IBM Cloud dashboard, click the Help icon > Support center from the UI menu bar to enter the Support Center. Click View all in the Recent support cases panel and click Create new case. Or, you can directly go to the Manage cases page and click Create new case.

2. On the Create a case page displayed, select the offering Hyper Protect Crypto Services, and then specify the following values:

   Table 1. Describes the fields that are required to add crypto units

   Field name	Action
   Subject	Enter Add crypto units.
   Description	Enter your service instance ID, the region that your service instance resides in, and the number of crypto units you want to add. You can have no more than three crypto units for a service instance.
   Selected resources	Select your Hyper Protect Crypto Services service instance.

3. Check the Email me updates about this issue box, and click Continue to review > Create case.

   After the operation is completed successfully, you will get an email notification. You can also check the state in the Support Center by clicking the Help icon > Support center from the UI menu bar.

4. To view the number of crypto units in the current service instance, run the ibm tke cryptounits command in the CLI. Or you can select the Crypto units tab in the Trusted Key Entry application, depending on how you store your master key parts.

For availability and disaster-recovery capability, if you request to add crypto units, the new crypto units are automatically allocated in different availability zones within the same region.

Before you can use the new crypto units, complete the following two steps to initialize and activate them.

Step 2: Initialize the new crypto units

Depending on how you store your master key parts, you might initialize the new crypto units with the TKE CLI plug-in, or smart cards together with the Management Utilities. Make sure to configure the new crypto units the same as the existing crypto units by referring to the following instructions:

• If you load the master key from your workstation, see Initializing service instances with the IBM Cloud TKE CLI plug-in.
• If you load the master key from smart cards, see Initializing service instances with smart cards and the Management Utilities.

Extra monthly costs apply for each new crypto unit. You can check the detailed charges on the billing and usage page under your account.

Step 3: Request to activate the new crypto units

After you initialize the new crypto units, you need to raise another support ticket to activate them.

1. In your IBM Cloud dashboard, click the Help icon > Support center from the UI menu bar to enter the Support Center. Click View all in the Recent support cases panel and click Create new case. Or, you can directly go to the Manage cases page and click Create new case.

2. On the Create a case page displayed, select the offering Hyper Protect Crypto Services, and then specify the following values:

   Table 2. Describes the fields that are required to activate new crypto units

   Field name	Action
   Subject	Enter Activate new crypto units.
   Description	Enter your service instance ID, the region that your service instance resides in, the number of new crypto units, and the case number of the support ticket that is previously raised in step 1.
   Selected resources	Select your Hyper Protect Crypto Services service instance.

3. Check the Email me updates about this issue box, and click Continue to review > Create case.

   After the activation is completed successfully, you will get an email notification. You can also check the state in the Support Center by clicking the Help icon > Support center from the UI menu bar.