Return Material Authorization (RMA) Guidance
Thales ensures that all of its products are designed, manufactured, and tested to the highest level of quality. On occasion, a product may fail in the field after use by the customer. Products that fail in the field, when covered by a maintenance agreement or during the warranty period, may be eligible for an RMA (Return Material Authorization).
CipherTrust physical appliances may contain sensitive customer key material. Thales recognizes that and assures the customers that our appliances are hardened.
The section covers the following appliance models:
Thales CipherTrust Manager k570
Thales CipherTrust Manager k470
To Prepare an Appliance for RMA
Ensure that all the sensitive information such as keys, backup keys, certificates, NAE users, and authorization policies are backed up at all times.
Login to the CipherTrust Manager as ksadmin via serial console or SSH.
Do one of the following:
Perform a factory reset of the CipherTrust Manager using the system configuration utility. This command erases all configuration information, log files and any keys stored on the appliance.
kscfg system factory-reset
Perform a hard reset of the CipherTrust Manager using the system configuration utility. This command resets the appliance and removes data associated with CipherTrust Manager. such as keys and certificates. All log information and appliance configuration information remains intact. This remaining information can help us determine the possible cause of the failure.
kscfg system reset
For k570 devices, reset the on-board PCIe HSM card which stores the root keys. Do one of the following:
Login to the CipherTrust Manager as ksadmin via serial console or SSH, and run the lunaCM factory reset command.
lunacm:> hsm factoryReset
Short circuit the decommission jumper header on the PCI card. You can use the blade of a screwdriver, or other conductive tool to short-circuit the two pins of the decommission header, or you can connect a switch to the decommission header if desired. Power is not required to decommission the HSM, that is, you can decommission the HSM after removing it from the chassis. The following image shows the two-pin decommission jumper header location on the PCI card: