CHAPTER 1 Planning Your Configuration
PINs are in use, then each SO and each SO backup/alternate personnel must know the PED PIN(s) for every HSM in
their charge.
If your organization enforces a policy of password changes at certain intervals, or at events like firings and personnel
turnover, then you have options and requirements - you might need to change the secret on the PED Key (hsm changePw
command) or you might satisfy the password-changing requirement by simply changing the PED PIN.
Furthermore, when you initialize an HSM with a new secret, you have the opportunity to split that secret using the M of
N feature. In this way, you ensure that a certain minimum number of personnel must be present with their blue PED
Keys whenever the SO must log in. While making that choice, you should choose "M" to be the smallest number that
satisfies the requirement. Similarly, "N" should be large enough to ensure that you have enough "spare" qualified SO
split holders that you can assemble a quorum even when some holders are unavailable (such as for business travel,
vacations, illness). Just as with a single, non-split SO secret, you can apply PED PINs to each blue key in an M of N
set. Consider, before you do, how complicated your administration and key-handling/key-update procedures could
become.
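The sizing trade-off for M and N can be worked through numerically. The following is an added planning example, not part of the SafeNet guide or any Luna tooling: it estimates how often a quorum of M blue-key holders can be assembled out of N. The function names, the availability figures and the assumption that holders are unavailable independently of each other are all hypothetical; the code also goes beyond the text by allowing a different availability per holder.

```python
"""M of N planning aid (added example; not SafeNet code)."""

def quorum_probability(m, availabilities):
    """Chance that at least m of the listed split holders can be assembled.

    availabilities: one probability per blue-key holder (N = len), assumed
    independent of each other -- a planning assumption, not a product fact.
    """
    n = len(availabilities)
    if not 1 <= m <= n:
        raise ValueError("need 1 <= M <= N")
    dist = [1.0]  # dist[k] = P(exactly k of the holders seen so far are available)
    for p in availabilities:
        if not 0.0 <= p <= 1.0:
            raise ValueError("availability must be within [0, 1]")
        nxt = [0.0] * (len(dist) + 1)
        for k, q in enumerate(dist):
            nxt[k] += q * (1.0 - p)      # this holder is away
            nxt[k + 1] += q * p          # this holder is present
        dist = nxt
    return sum(dist[m:])


def smallest_n(m, p, target, n_max=10):
    """Smallest N (up to n_max, an arbitrary search ceiling) meeting the target
    quorum probability when every holder has the same availability p."""
    for n in range(m, n_max + 1):
        if quorum_probability(m, [p] * n) >= target:
            return n
    return None


if __name__ == "__main__":
    # Constructed figures: policy requires M = 3 SO split holders present.
    for n in range(3, 8):
        print(f"M=3 N={n}: quorum available {quorum_probability(3, [0.9] * n):.4%}")
    print("smallest N for 99.9%:", smallest_n(3, 0.9, 0.999))
    # Mixed team: two office-based holders and one who travels half the time.
    print("M=2 of [0.9, 0.9, 0.5]:", round(quorum_probability(2, [0.9, 0.9, 0.5]), 4))
```

Each additional holder raises the chance of reaching a quorum, but is also one more blue key (and possibly PED PIN) to issue, track and update.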
Before you begin the HSM init process, have your blue PED Keys ready, either with an existing SO secret to reuse, or
blank (or outdated secret) to be overwritten by a unique new SO secret generated by the HSM. At the same time, you
must also have appropriate red PED Keys ready, because assigning/creating a cloning domain for the HSM is part of
the HSM init process. See the next section, below.
HSM Cloning Domain and the Red Domain PED Key
All the points, options, decisions listed above for the SO key apply equally to the Cloning domain key, with two
exceptions.
First, you MUST apply the same red key Cloning Domain secret to every HSM that is to:
• clone objects to/from each other
• participate in an HA group (synchronization uses cloning)
• backup/restore.
By maintaining close control of the red PED Key, you control to which other HSMs the current HSM can clone.
Second, unlike the case of the blue SO PED Key secret and the black Partition Owner/User PED Key secret, there is
no provision to reset or change a Cloning Domain. An HSM domain is part of an HSM until it is initialized. An HSM
Partition domain is part of an HSM partition for the life of that partition. Objects that are created in an HSM with a
particular domain can be cloned only to another HSM having the same domain.
Before you begin the HSM init process, have your red PED Keys ready, either with an existing cloning domain secret to
reuse, or blank (or outdated secret) to be overwritten by a unique cloning domain secret generated by the HSM.
Partition Owner/User and the black PED Key
All the points listed above for the SO key apply equally to the black PED Key when an HSM partition is created.
The black PED Key Partition Owner/User secret secures the HSM partition to which it is applied, and all contents of the
partition.
The black PED Key for a partition (or a group of partitions):
• allows the holder to log in as the Partition Owner/User to perform administrative tasks on the partition
• set the partition "open for business" by Activating the partition - when a partition is activated, applications can
present the partition challenge secret and make use of the partition
Luna SA Configuration Guide
Release 5.4.1 007-011136-007 Rev C July 2014 Copyright 2014 SafeNet, Inc. All rights reserved.