Overview and Installation
This section provides an overview of the SNMP implementation and describes how to install the SNMP subagent.
MIB
Thales Group provides the following MIBs (management information base) in the SafeNet Luna HSM Client installation package:
MIB Name | Description |
---|---|
CHRYSALIS-UTSP-MIB.txt | Defines SNMP access to information about the SafeNet appliance. |
SAFENET-HSM-MIB.txt | Defines SNMP access to information about the SafeNet Luna HSM. |
SAFENET-GLOBAL-MIB.txt | Must be found in your system path so that symbols can be resolved. |
SAFENET-APPLIANCE-MIB.txt | Reports the software version of SafeNet Luna Network HSM appliance. |
Copy all MIBs in <Luna_HSM_Client_install_dir>/snmp to the MIB directory on your system. Only the MIBs necessary for SafeNet Luna PCIe HSM and SafeNet Luna USB HSM are included in a client installation.
For SafeNet Luna Network HSM, the host is the appliance, so all the above MIBs are installed on the appliance. See SNMP Traps in the Syslog and SNMP Monitoring Guide for information on configuring SNMP trap notifications.
NOTE Your SNMP application also requires the following standard SNMP MIBs:
>SNMPv2-SMI.txt -- defined in RFC 2578, Section 2
>SNMPv2-TC.txt -- defined in RFC 2579, Section 2
SafeNet SNMP Subagent
We find that most customers choosing to use SNMP already have an SNMP infrastructure in place. Therefore, we provide a subagent that you can install on your managed workstations, and which can point to your agent via the socket created by the agent. This applies to SafeNet Luna USB HSM and SafeNet Luna PCIe HSM - for SafeNet Luna Network HSM, the subagent is already on the appliance.
The SNMP subagent (luna-snmp) is an AgentX SNMP module that extends an existing SNMP agent with support for SafeNet Luna HSM monitoring. It is an optional component of the SafeNet Luna HSM Client installation. The subagent has been tested against net-snmp, but should work with any SNMP agent that supports the AgentX protocol.
To install the SNMP subagent:
After selecting one or more products from the main SafeNet Luna HSM Client installation menu, you are presented with a list of optional components, including the SNMP subagent. It is not selected by default, but can be installed with any product except the SafeNet Luna Network HSM client installed in isolation.
1.In the installation media, go to the appropriate folder for your operating system.
2.Run the installer (install.sh for Linux and UNIX, LunaHSMClient.exe for Windows).
3.Choose the SafeNet products that you wish to install, and include SNMP among your selections. The subagent is installed for any SafeNet product except SafeNet Luna Network HSM in isolation.
4.Proceed to Post-installation configuration.
Post-installation configuration
After the SafeNet Luna HSM Client is installed, complete the following steps to configure the SNMP subagent:
1.Copy the SafeNet MIBs from <install dir>/snmp to the main SNMP agent’s MIB directory. Or copy to another computer (your SNMP computer) if you are not running SNMP from the same computer where SafeNet Luna HSM Client software is installed.
2.If running on Windows, configure the subagent via the file <install dir>/snmp/luna-snmp.conf to point to the AgentX port where the main SNMP agent is listening. The file must then be copied to the same directory as snmpd.conf. (This assumes net-snmp is installed; the setup might differ if you have another agent.)
If running on a UNIX-based platform, the subagent should work without extra configuration assuming that the primary SNMP agent is listening on the default local socket (/var/agentx/master). You still have the option of editing and using luna-snmp.conf.
3.After configuration is complete, start the agent. Then start the subagent via the service tool applicable to your platform (for example, service luna-snmp start on Linux, or start SafeNet SNMP Subagent Service from the services in Windows).
Normally the agent is started first. However, the subagent periodically attempts to connect to the agent until it is successful. The defaults controlling this behavior are listed below. They can be overridden by changing the appropriate entries in luna-snmp.conf.
Troubleshooting
If you encounter the following warning:
Warning: Failed to connect to the agentx master agent ([NIL]):
you must enable AgentX support by adding master agentx to your SNMPD configuration file. Refer to the man page for snmpd.conf for more information.
Configuration Options In the luna-snmp.conf File
Option | Description | Default |
---|---|---|
agentXSocket [<transport-specifier>:]<transport-address>[,...] |
Defines the address to which the subagent should connect. The default on UNIX-based systems is the Unix Domain socket "/var/agentx/master". Another common alternative is tcp:localhost:705. See the section LISTENING ADDRESSES in the snmpd man page for more information about the format of addresses (http://www.net-snmp.org/docs/man/snmpd.html). |
The default, for Linux, is "/var/agentx/master". In the file, you can choose to un-comment "tcp:localhost:705" which is most commonly used with Windows. |
agentXPingInterval <NUM> | Makes the subagent try to reconnect every <NUM> seconds to the master if it ever becomes (or starts) disconnected. | 15 |
agentXTimeout <NUM> | Defines the timeout period (NUM seconds) for an AgentX request. | 1 |
agentXRetries <NUM> | Defines the number of retries for an AgentX request. | 5 |