Slot Numbering and Behavior
Administrative partitions and application partitions are identified as PKCS#11 cryptographic slots in SafeNet utilities, such as LunaCM and multitoken, and for applications that use the SafeNet library.
Order of Occurrence for Different SafeNet Luna HSMs
A host computer with SafeNet Luna HSM Client software and SafeNet libraries installed can have SafeNet Luna HSMs connected in any of three ways:
>PCIe embedded/inserted SafeNet Luna PCIe HSM card (one or multiple HSMs installed - administrative partitions and application partitions are shown separately)
>USB-connected SafeNet Luna USB HSMs (one or multiple - administrative partitions and application partitions are shown separately)
>SafeNet Luna Network HSM application partitions*, registered and connected via NTLS or STC.
Any connected HSM partitions are shown as numbered slots. Slots are numbered from zero or from one, depending on configuration settings (see Settings Affecting Slot Order, below), and on the firmware version of the HSM(s).
* One or multiple application partitions. Administrative partitions on SafeNet Luna Network HSMs are not visible via LunaCM or other client-side tools. Only registered, connected application partitions are visible. The number of visible partitions (up to 100) depends on your model's capabilities. That is, a remote SafeNet Luna Network HSM might support 100 application partitions, but your application and LunaCM will only see partitions that have established certificate-exchange NTLS links with the current Client computer.
In LunaCM, a slot list would normally show:
>SafeNet Luna Network HSM application partitions for which NTLS links are established with the current host, followed by
>SafeNet Luna PCIe HSM cards, followed by
>SafeNet Luna USB HSMs
For SafeNet Luna Network HSM, as seen from a client (via NTLS), only application partitions are visible. The HSM administrative partition of a remote SafeNet Luna Network HSM is never seen by a SafeNet Luna HSM Client. The SafeNet Luna Network HSM slots are listed in the order they are polled, dictated by the entries in the SafeNet Luna Network HSM section of the Crystoki.ini / chrystoki.conf file, like this:
ServerName00=192.20.17.200 ServerPort00=1792 ServerName01=192.20.17.220 ServerPort01=1793
For SafeNet Luna PCIe HSM and SafeNet Luna USB HSM, if you have multiple of either HSM type connected on a single host, then the order in which they appear is the hardware slot number, as discovered by the host computer.
For SafeNet Luna PCIe HSM and SafeNet Luna USB HSM, the HSM administrative slot always appears immediately after the application partition. If no application partition has yet been created, a space is reserved for it, in the slot numbering.
Settings Affecting Slot Order
Settings in the Presentation section of the configuration file (Chrystoki.conf for UNIX/Linux, crystoki.ini for Windows) can affect the numbering that the API presents to SafeNet tools (like LunaCM) or to your application.
[Presentation]
ShowUserSlots=<slot>(<serialnumber>)
>Sets starting slot for the identified partition.
>Default, when ShowUserSlots is not specified, is that all available partitions are visible and appear in default order.
>Can be applied, individually, to multiple partitions, by a single entry containing a comma-separated list (with partition serial numbers in brackets):
ShowUserSlots=1(351970018022), 2(351970018021), 3(351970018020),....
>If multiple partitions on the same HSM are connected to the SafeNet Luna HSM Client host computer, redirecting one of those partitions with ShowUserSlots= causes all the others to disappear from the slot list, unless they are also explicitly re-ordered by the same configuration setting.
ShowAdminTokens=yes
>Default is yes. Admin partitions of local HSMs are visible in a slot listing.
>Remotely connected partitions (SafeNet Luna Network HSM) are not affected by this setting, because NTLS connects only application partitions, not HSM SO (Admin) partitions to clients, so a SafeNet Luna Network HSM SO administrative partition would never be visible in a client-side slot list, regardless.
ShowEmptySlots=1
>Controls how C_GetSlotList - as used by lunacm slot list command, or ckdemo command 14, and by your PKCS#11 application - displays, or does not display unused potential slots, when the number of partitions on an HSM is not at the limit.
OneBaseSlotId=1
>Causes basic slot list to start at slot number 1 (one) instead of default 0 (zero).
(Any submitted number other than zero is treated as "1". Any letter or other non-numeric character is treated as "0".)
Effects of Settings on Slot List
Say, for example, you have multiple HSMs connected to your host computer (or installed inside), with any combination of firmware 6.22.0 (and newer) or pre-6.22.0 firmware, and no explicit entries exist for slot order in the config file. The defaults prevail and the slot list would start at zero.
If you set OneBaseSlotId=1 in the configuration file, then the slot list starts at "1" instead of at "0". You could set this for personal preference, or according to how your application might expect slot numbering to occur (or if you have existing scripted solutions that depend on slot numbering starting at zero or starting at one). OneBaseSlotId affects the starting number for all slots, regardless of firmware.
If you set ShowUserSlots=20(17923506), then the identified token or HSM or application partition would appear at slot 20, regardless of the locations of other HSMs and partitions.
Effects of New Firmware on Slot Login State
Slots retain login state when current-slot focus changes. You can use the LunaCM command slot set to shift focus among slots, and whatever login state existed when you were previously focused on a slot is still in effect when you return to that slot.