Initializing the Backup HSM Remote PED Vector

The Remote PED (via PEDserver) authenticates itself to the SafeNet Luna Backup HSM with a randomly-generated encrypted value stored on an orange PED key. The orange key proves to the HSM that the Remote PED is authorized to perform authentication. The Backup HSM SO can create this key using LunaCM.

If the Backup HSM is already initialized, the HSM SO must log in to complete this procedure.

Prerequisites

>SafeNet Luna PED with firmware 2.7.1 or newer

>USB mini-B to USB-A connector cable

>Luna PED DC power supply (if included with your Luna PED)

>Blank or reusable orange PED key (or multiple keys, if you plan to make extra copies or use an M of N security scheme). See Creating PED Keys for more information.

>Install the Backup HSM at the client and connect it to power (see Installing the Backup HSM).

>Connect the PED to the Backup HSM using a 9-pin Micro-D to Micro-D cable. Set the PED to Local PED-SCP mode (see Modes of Operation).

To initialize the RPV and create the orange PED key using LunaCM

1.Launch LunaCM on the client workstation.

2.Set the active slot to the Backup HSM.

lunacm:> slot set -slot <slotnum>

3.If the Backup HSM is initialized, log in as HSM SO. If not, continue to the next step.

lunacm:> role login -name so

4.Ensure that you have the orange PED key(s) ready. Initialize the RPV.

lunacm:> ped vector init

5.Attend to the Luna PED and respond to the on-screen prompts. See Creating PED Keys for a full description of the key-creation process.

•If you have an orange PED key with an existing RPV that you wish to use for this HSM, press Yes.

•If you are creating a new RPV, press No.

Continue following the prompts for PED PIN, M of N, and duplication options.

To set up a Remote PED server, see Installing PEDserver and Setting Up the Remote Luna PED.