SafeNet Luna Network HSM 7.0

Installation Guide

Summary of Contents for SafeNet Luna Network HSM 7.0

Page 1: ...SafeNet Luna Network HSM 7 0 Installation Guide ...

Page 2: ... can obtain the full text of the Apache v2 0 Open Software license at the following URL https www apache org licenses LICENSE 2 0 libFDT Dual License Choice of BSD or GPL 2 0 Copyright C 2006 David Gibson IBM Corporation libsodium ISC License ISCL Copyright C 2013 2016 Linux Kernel GPL 2 0 OpenSSH This product uses a derived version of OpenSSH Copyright 1995 Tatu Ylonen Espoo Finland All rights re...

Page 3: ...d to the information contained herein including all implied warranties of merchantability fitness for a particular purpose title and non infringement In no event shall Gemalto be liable whether in contract tort or otherwise for any indirect special or consequential damages or any damages whatsoever including but not limited to damages resulting from loss of use data profits revenues or customers a...

Page 4: ...ply with the limits for a Class B digital device pursuant to part 15 of the FCC rules Canada This class B digital apparatus meets all requirements of the Canadian interference causing equipment regulations Europe This product is in conformity with the protection requirements of EC Council Directive 2014 30 EU This product satisfies the CLASS B limits of EN55032 SafeNet Luna Network HSM Installatio...

Page 5: ...work HSM Hardware 23 2 SafeNet Luna Remote PED Installation and Configuration 26 Required Items 26 Remote PED Setup 28 3 SafeNet Luna HSM Client Software Installation 32 Linux SafeNet Luna HSM Client Software Installation 33 Prerequisites 33 Installing the Client Software 34 Controlling User Access to Your Attached HSMs and Partitions 35 Uninstalling the Client Software or Removing Components 36 J...

Page 6: ... Client for the SafeNet Luna PCIe HSM 50 Installing the Luna HSM Client for the SafeNet Luna USB HSM 50 Installing the Luna HSM Client for the SafeNet Luna Backup HSM 51 Installing the Luna HSM Client for Remote PED 52 Uninstalling the Luna HSM Client 52 SafeNet Luna Network HSM Installation Guide Release 7 0 007 013576 002 Rev A June 2017 Copyright 2001 2017 Gemalto All rights reserved 6 ...

Page 7: ...ortant information about this release that is not included in the customer documentation Read the CRN to fully understand the capabilities limitations and known issues for this release You can view or download the latest version of the CRN from the Technical Support Customer Portal at https supportportal gemalto com Audience This document is intended for personnel responsible for maintaining your ...

Page 8: ...is situation you might do something that could result in catastrophic data loss or personal injury Command Syntax and Typeface Conventions Format Convention bold The bold attribute is used to indicate the following Command line commands and options Type dir p Button names Click Save As Check box and radio button names Select the Print Duplex check box Dialog box titles On the Protect Document dial...

Page 9: ...ct method Contact Phone Subject to change An up to date list is maintained on the Technical Support Customer Portal Global 1 410 931 7520 Australia 1800 020 183 India 000 800 100 4290 Netherlands 0800 022 2996 New Zealand 0800 440 359 Portugal 800 863 499 Singapore 800 1302 029 Spain 900 938 717 Sweden 020 791 028 Switzerland 0800 564 849 United Kingdom 0800 056 3158 United States 800 545 6608 Web...

Page 10: ...onents as listed in SafeNet Luna Network HSM Required Items on the next page 2 If you plan to mount the hardware in an equipment rack follow the instructions in Rack Mounting the SafeNet Luna Network HSM on page 16 3 Install and connect the hardware as described in Installing the SafeNet Luna Network HSM Hardware on page 23 ...

Page 11: ...HSM order items The standard items that you should have received as your basic order for a SafeNet Luna Network HSM are Qty Item 1 SafeNet Luna Network HSM Appliance Your order should include one password authenticated or PED authenticated SafeNet Luna Network HSM The different HSM models appear physically identical 2 Power Supply Cord One for each power supply with connectors appropriate to your ...

Page 12: ...t Ear Bracket Set Set includes 2x front ear brackets 4x bracket screws 1 Mounting Bracket Set See Using the Supplied Mounting Brackets on page 16 for installation instructions Set includes 2x side rails ...

Page 13: ...d position PED Authenticated SafeNet Luna Network HSM order items If you ordered a PED authenticated SafeNet Luna Network HSM you should have received some combination of the following items in addition to the items in the basic order Note that you can use PED keys that you already own and use with other HSMs PED keys can be used with multiple HSMs if that is appropriate in your context You should...

Page 14: ... other HSMs if appropriate You should purchase the number you need for your own convenient operation and for backup standby units as your security policies might require 1 Luna PED cable The PED device connects to your HSM using a Type A to Mini B USB cable 1 Luna PED Power Supply Kit If you ordered a Luna PED your order should include a Luna PED power supply kit with the appropriate connection fo...

Page 15: ...rver rack The optional sliding rail mounts allow for easy removal and access to the rear face of the HSM See Using the Optional Sliding Rail System on page 19 for installation instructions The set includes 2x sliding rail mounts with removable side rails 2x transformer brackets 4x round headed mounting screws 4x flat headed mounting screws 6x rail screws 1 SafeNet Luna Backup HSM SafeNet Luna Netw...

Page 16: ...unting brackets see Using the Supplied Mounting Brackets below If your order included the optional sliding rail mounting system see Using the Optional Sliding Rail System on page 19 The sliding rails are recommended for ease of installation and maintenance CAUTION Do not attempt to mount the appliance using only the front brackets damage can occur Using the Supplied Mounting Brackets Install and a...

Page 17: ... sliding rear brackets fit into the side rails 4 Install the two sliding rear brackets in your equipment rack using four of the rack mounting screws included Note While any standard equipment rack screws should fit the brackets certain large headed screws may interfere with the operation of the secure locking bezel To avoid this use only the screws included with the mounting bracket set SafeNet Lu...

Page 18: ...pull the appliance back towards you until the sliding rear brackets fit into the side rails Pull the appliance back onto the rear brackets until the front ear brackets meet the equipment rack CAUTION Support the weight of the appliance with the hydraulic lift until all four brackets are secured 7 Secure the front ear brackets using the last four included rack mounting screws SafeNet Luna Network H...

Page 19: ...use of this bezel Leaving the HSM uncovered for ease of access may compromise security The sliding rail mounts should fit into any standard 19 equipment rack Ensure you have all the necessary components before proceeding In addition to the supplied components you will need a 2 Phillips screwdriver To mount the SafeNet Luna Network HSM hardware 1 Install the two front ear mounting brackets on the HS...

Page 20: ...asten the transformer bracket to each sliding mount with the remaining two wide flat headed screws 5 Loosely thread two of the six smaller flat headed screws into each side of the SafeNet Luna Network HSM Fit ...

Page 21: ...ounts until they lock into place 7 The HSM should now move smoothly and securely on the rails Push the HSM all the way back and secure it to the transformer bracket with the four rounded screws Note Use only the screws included with the SafeNet Luna Network HSM Screws that are too large can prevent the locking bezel from fitting to the faceplate ...

Page 22: ...on See Installing the SafeNet Luna Network HSM Hardware on the next page to continue the installation process ...

Page 23: ...d PuTTY program for Windows or the SSH utilities that come standard with most Linux and UNIX platforms A computer that is to be used for Remote PED workstation operation against a SafeNet Luna Network HSM must have the PEDServer software and PED USB driver installed Applies to select Windows platforms only All three tasks Client administration and Remote PED can be performed on a single computer b...

Page 24: ... 2 0 connection does not provide enough power to run the PED 3 Press and release the Start Stop switch on the front panel 4 Connect the terminal port on the HSM appliance s rear panel to a dumb terminal PC or laptop using the USB to RJ45 adapter cable supplied This terminal provides serial access to LunaSH for initial network configuration See Open a Connection on page 1 for more information SafeN...

Page 25: ...s require the use of these physical access measures The locks fit over the posts highlighted below Turn the keys to the vertical position to lock the bezel The keys cannot be removed if the bezel is unlocked The two locks are keyed differently so the keys can be issued to different security personnel and kept in secure separate locations Note Leaving the keys in the bezel may interfere with closin...

Page 26: ...me additional hardware Remote PED can be distinguished from local PED by An orange label PED Remote to the right of the SafeNet logo Availability of menu item 7 Remote PED from the PED s main menu Required Items The following items are included with your Remote PED All are required for a successful installation Quantity Item 1 PED Remote PED Capable and with firmware 2 7 1 or newer 1 PED Power Sup...

Page 27: ...PED operation 1 Cable Data 9 pin Micro D to Micro D connectors for local PED operation prior to HSM firmware versions 7 x 1 Ten pack of iKey 1000 PED keys and sheets of peel and stick labels ...

Page 28: ... To prepare an HSM for Remote PED operation it needs a minimum of preparation as described in this section below 1 From the software media DVD or downloaded un tarred archive file install the SafeNet Luna HSM Client software onto the selected Windows computer that will act as the PED Server to your remotely located SafeNet Luna HSM ensuring that the Remote PED option is selected Let the Windows Fo...

Page 29: ...d vector init d When prompted insert a blank orange labelled PED key into the PED for imprinting or re use an already imprinted orange PED key e Bring the imprinted orange Remote PED key to your workstation along with a Remote capable PED The HSM can now be shipped to its remote locale You can perform other maintenance at this time if convenient but only the foregoing steps were required to be don...

Page 30: ...kstation start the PED Server program in its listening mode c yourRemotePed directory pedserver m start 6 Run the command pedserver m show to verify that the PED is detected and the system is ready for remote connection 7 Start the PED Client the Remote PED enabling process on the HSM host lunash hsm ped connect ip workstation_ip_address port 1503 or lunacm ped connect ip workstation_ip_address po...

Page 31: ...o Remote PED Note Remote PED is served from a host computer running SafeNet Luna Client PED Server software A Remote PED session is called by an instance of PED Client running on the computer hosting the SafeNet Luna HSM In some cases such as SafeNet Luna Network HSMs behind strict firewalls the HSM host is not allowed to initiate the connection In that case you can initiate a Remote PED session f...

Page 32: ...B HSM install the SafeNet Luna Client on the workstation to which the SafeNet Luna USB HSM is connected Install the SafeNet Luna Client on any computer that is to have a SafeNet Remote PED connected Choose the instructions for your operating system For Linux see Linux SafeNet Luna HSM Client Software Installation on the next page For Windows see Windows SafeNet Luna HSM Client Installation on page...

Page 33: ...driver module is built by the client as part of the installation if you choose to install the Luna PCIe HSM component To build the driver the client requires the following items Kernel headers for build kernel devel package rpmbuild package C and C compilers make command If any one of these items is missing the driver build will fail and the client software will not be installed Debian Requires al...

Page 34: ...ll_sw_root is the location of installation DVD or untarred download For example cdrom or HOME safenet 4 To install the software run the install sh installation script You can run the script in interactive mode or you can script the installation as described in Scripted or Unattended Installation on page 37 To display the help or a list of available installer options type sudo sh install sh or sudo...

Page 35: ...evious SafeNet software before starting the SafeNet Luna Client installation again 9 The system installs all packages related to the products and any optional components that you selected Controlling User Access to Your Attached HSMs and Partitions By default only the root user has access to your attached HSMs and partitions You can specify a set of non root users that are permitted to access your...

Page 36: ...usr safenet lunaclient bin 3 Run the uninstall script sudo sh uninstall sh CAUTION The hsmusers group is not removed when the client software is uninstalled Should you install the client again on the same system all users previously in the group will have access to your attached HSMs and partitions by default You must remove users from the group if you want to restrict their access See Removing us...

Page 37: ...rform operations not supported by the LunaProvider secure random generation or random publickey verification for example then it would receive error messages from the HSM and would need to handle those gracefully before resorting to providers further down the list We have found that having our provider in third position works well for most applications The modifications in the java security file a...

Page 38: ...ined in the packaging of this product in its entirety before installing this product Do you agree to the License contained in the product packaging If you select yes or y you agree to be bound by all the terms and conditions se out in the License If you select no or n this product will not be installed y n y Complete Luna Client will be installed This includes SafeNet Luna Network HSM SafeNet Luna...

Page 39: ...feNet Luna Client is already installed If components are missing or are not working properly after an interrupted installation or if you wish to install any additional components at a later date following an interrupted installation as described you would need to uninstall everything first If sh uninstall sh is unable to do it then you must uninstall all packages manually SafeNet Luna Network HSM ...

Page 40: ...nd supporting files installed Each computer that contains or is connected to a SafeNet Luna PCIe HSM or a SafeNet Luna USB HSM must have the cryptoki library and other utilities and supporting files installed Prerequisites The Luna HSM Client installer requires the Microsoft Universal C Runtime Universal CRT to run properly Universal CRT requires your Windows machine to be up to date Before runnin...

Page 41: ...before you proceed see Uninstalling or Modifying the SafeNet Luna Client Software on page 46 3 Download the Luna HSM Client from the Gemalto Support Portal at https supportportal gemalto com and extract the zip to an appropriate folder 4 In the extracted directory locate the folder for your Windows architecture and double click LunaHSMClient exe 5 At the Welcome screen click Install The Welcome sc...

Page 42: ...nents you wish to install Click on a product to select the components to install as follows You can click on the icon for a product to show each of the individual components Install this component If you select this option for a product only the most commonly used components are installed Use the icon to show which components are included Install all of the components for the product Do not instal...

Page 43: ...and you will need to start the SafeNet subagent and configure for use with your agent as described in SNMP Monitoring on page 1 in the Administration Guide After you select the components you want to install click Next The Ready to Install dialog is displayed 9 Click Install to install the selected components 10 If Windows presents a security notice asking if you wish to install the device driver ...

Page 44: ...e The exact directory might differ depending on where you obtained your Java system the version and any choices that you made while installing and configuring it Using a 32 bit JDK on a 64 bit OS If you install a 32 bit JDK on a 64 bit OS you must copy the 32 bit LunaAPI dll file to the 32 bit JDK bin folder for example C Program Files x86 Java jdk1 8 0_92 bin Java 7 and Java 8 Library Path Issue ...

Page 45: ...imary mode However if your application needs to perform operations not supported by the LunaProvider secure random generation or random publickey verification for example then it would receive error messages from the HSM and would need to handle those gracefully before resorting to providers further down the list We have found that having our provider in third position works well for most applicat...

Page 46: ...pending on the applications you are running If SafeNet CSP CAPI SafeNet KSP CNG is selected at installation time then the SafeNetKSP dll file is installed in these two locations C Windows System32 used for 64 bit KSP C Windows SysWOW64 used for 32 bit KSP Note The cryptoki ini file which specifies many configuration settings for your HSM and related software includes a line that specifies the path...

Page 47: ...un LunaCM or other utilities that require the library Troubleshooting If you are not the Administrator of the computer on which Luna HSM Client is being installed or if the bundle of permissions in your user profile does not allow you to launch the installer with Run as Administrator then some services might not install properly One option is to have the Administrator perform the installation for ...

Page 48: ...nd launch it there which permits the needed services to load for PedClient See Scripted Unattended Windows Installation Uninstallation on the next page for instructions on how to install the client software from the command line ...

Page 49: ...the ADDLOCAL SA flag to install the base client software for the SafeNet Luna Network HSM Include the flags listed below to install any optional software components you desire The base software must be installed first Note The setting l install log is optional and will save the installation logs to the file install log The install log file is required only if troubleshooting an issue with Technica...

Page 50: ... PCI Install the base Luna HSM Client software and any of the following optional components for the SafeNet Luna PCIe HSM that you desire Product or component Description PCI_CSP_KSP CSP and KSP components for the SafeNet Luna PCIe HSM PCI_JSP JSP component for the SafeNet Luna PCIe HSM PCI_SDK SDK component for the SafeNet Luna PCIe HSM PCI_JCProv JCPROV component for the SafeNet Luna PCIe HSM PC...

Page 51: ...Client exe install l install log quiet norestart ADDLOCAL G5 G5_CSP_KSP G5_JSP G5_ SDK G5_JCProv G5_SNMP If you wish to install only some of the components just specify the ones you want after the product name G5 in this example Installing the Luna HSM Client for the SafeNet Luna Backup HSM Use the ADDLOCAL RB flag to install the base client software for the SafeNet Luna Backup HSM Include the fla...

Page 52: ...g an issue with Technical Support To install the Luna HSM Client for the SafeNet Luna Backup HSM From the location of LunaHSMClient exe run the following command LunaHSMClient exe install l install log quiet norestart ADDLOCAL RP Uninstalling the Luna HSM Client You can also perform scripted unattended uninstallation Note The setting l uninstall log is optional and will save the installation logs ...
