The SafeNet Luna HSM MIB
The SAFENET-HSM-MIB defines HSM status information and HSM Partition information that can be viewed via SNMP.
To access tables, use a command like:
snmptable -a SHA -A snmppass -u snmpuser -x AES -X snmppass -l authPriv -v 3 192.20.11.59 SAFENET-HSM-MIB::hsmTable
The information is defined in tables, as detailed in the following sections.
SNMP Table Updates
The SNMP tables are updated and cached every 60 seconds. Any changes made on the HSM may therefore take up to 60 seconds to be included in the tables. When a query is received to view the tables, the most recent cached version is displayed. If a change you were expecting is not displayed, wait 60 seconds and try again.
NOTE Some values may not get updated automatically, such as the HSM firmware version (hsmFirmwareVersion) following a firmware upgrade. To force an update, restart the SNMP agent.
hsmTable
This table provides a list of all the HSM information on the managed element.
Item | Type | Description | Values |
---|---|---|---|
hsmSerialNumber | DisplayString | Serial number of the HSM - used as an index into the tables. | From factory |
hsmFirmwareVersion | DisplayString | Version of firmware executing on the HSM. | As found |
hsmLabel | DisplayString | Label associated with the HSM. | Provided by SO at init time |
hsmModel | DisplayString | Model identifier for the HSM. | From factory |
hsmAuthenticationMethod | INTEGER | Authentication mode of the HSM. | unknown(1) -- not known; password(2) -- requires passwords; pedKeys(3) -- requires PED |
hsmRpvInitialized | INTEGER | Remote PED vector initialized flag of the HSM. | notSupported(1) -- rpv not supported; uninitialized(2) -- rpv not initialized; initialized(3) -- rpv initialized |
hsmFipsMode | TruthValue | FIPS 140-2 operation mode enabled flag of the HSM. | Factory set |
hsmPerformance | INTEGER | Performance level of the HSM. | |
hsmStorageTotalBytes | Unsigned32 | Total storage capacity in bytes of the HSM | Factory set |
hsmStorageAllocatedBytes | Unsigned32 | Number of allocated bytes on the HSM | Calculated |
hsmStorageAvailableBytes | Unsigned32 | Number of available bytes on the HSM | Calculated |
hsmMaximumPartitions | Unsigned32 | Maximum number of partitions allowed on the HSM | 2, 5, 10, 15, or 20, per license |
hsmPartitionsCreated | Unsigned32 | Number of partitions created on the HSM | As found |
hsmPartitionsFree | Unsigned32 | Number of partitions that can still be created on the HSM | Calculated |
hsmBackupProtocol | INTEGER | Backup protocol used on the HSM | unknown(1), none(2), cloning(3), keyExport(4) |
hsmAdminLoginAttempts | Counter32 | Number of failed Administrator login attempts left before the HSM is zeroized | As found, calculated |
hsmAuditRoleInitialized | INTEGER | Audit role is initialized flag | notSupported(0), yes(1), no(2) |
hsmManuallyZeroized | TruthValue | Flag indicating whether the HSM was manually zeroized | As found |
hsmUpTime | Counter64 | Up time in seconds since last HSM reset | Counted |
hsmBusyTime | Counter64 | Busy time in seconds since the last HSM reset | Calculated |
hsmCommandCount | Counter64 | HSM commands processed since last HSM reset | Counted |
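
A monitoring check built on the hsmTable columns above, as an added example (not SafeNet code): it parses output in the style of `snmptable -Cf '|'` and reports security-relevant states per HSM. The sample output, the two thresholds and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the style of `snmptable -Cf '|' ... SAFENET-HSM-MIB::hsmTable`,
# cut down to a subset of columns; serial numbers and values are invented.
SAMPLE = """\
SNMP table: SAFENET-HSM-MIB::hsmTable

hsmSerialNumber|hsmFipsMode|hsmStorageTotalBytes|hsmStorageAvailableBytes|hsmAdminLoginAttempts|hsmAuditRoleInitialized|hsmManuallyZeroized
000001|true|2097152|1900000|3|yes|false
000002|false(2)|2097152|100000|1|no(2)|true
"""

MIN_LOGIN_ATTEMPTS = 2    # assumed alert threshold, tune per site
MIN_FREE_FRACTION = 0.10  # assumed alert threshold, tune per site

def parse_table(text, sep="|"):
    """Turn separator-delimited snmptable output into one dict per HSM row."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("SNMP table:")]
    header = lines[0].split(sep) if lines else []
    rows = []
    for line in lines[1:]:
        # Drop a trailing "(n)" so "false(2)" and "false" compare equal.
        cells = [re.sub(r"\(\d+\)$", "", c.strip()) for c in line.split(sep)]
        if len(cells) == len(header):  # skip truncated rows
            rows.append(dict(zip(header, cells)))
    return rows

def findings(row):
    """Return the conditions worth alerting on for one hsmTable row."""
    out = []
    if row["hsmFipsMode"] != "true":
        out.append("FIPS mode not enabled")
    if int(row["hsmAdminLoginAttempts"]) < MIN_LOGIN_ATTEMPTS:
        out.append("few Administrator login attempts left before zeroization")
    if row["hsmAuditRoleInitialized"] == "no":
        out.append("Audit role not initialized")
    if row["hsmManuallyZeroized"] == "true":
        out.append("HSM was manually zeroized")
    total = int(row["hsmStorageTotalBytes"])
    if total and int(row["hsmStorageAvailableBytes"]) / total < MIN_FREE_FRACTION:
        out.append("less than 10% storage available")
    return out

def audit(text):
    return {r["hsmSerialNumber"]: findings(r) for r in parse_table(text)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because the agent serves a table cached for 60 seconds, polling more often than that returns the same data.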
The hsmPartitionTable
This table provides a list of all the partition information on the managed element.
Item | Type | Description | Values |
---|---|---|---|
hsmPartitionSerialNumber | DisplayString | Serial number for the partition | Generated |
hsmPartitionLabel | DisplayString | Label assigned to the partition | Provided at partition creation |
hsmPartitionActivated | TruthValue | Partition activation flag | Set by policy |
hsmPartitionStorageTotalBytes | Unsigned32 | Total storage capacity in bytes of the partition | Set or calculated at partition creation or re-size |
hsmPartitionStorageAllocatedBytes | Unsigned32 | Number of allocated (in use) bytes on the partition | Calculated |
hsmPartitionStorageAvailableBytes | Unsigned32 | Number of available (unused) bytes on the partition | Calculated |
hsmPartitionObjectCount | Unsigned32 | Number of objects in the partition | Counted |
hsmLicenseTable
This table provides a list of all the license information on the managed element. More than one HSM might be connected to a Host, so entries are accessed with two indices: the first index identifies the HSM to which the license entry corresponds (hsmSerialNumber), and the second is the index for the corresponding license (hsmLicenseID).
Item | Type | Description | Values |
---|---|---|---|
hsmLicenseID | DisplayString | License identifier | Set at factory or at capability update |
hsmLicenseDescription | DisplayString | License description | Set at factory or at capability update |
hsmPolicyTable
This table provides a list of all the HSM policy information on the managed element.
Item | Type | Description | Values |
---|---|---|---|
hsmPolicyType | INTEGER | Type of policy | capability(1), policy(2) |
hsmPolicyID | Unsigned32 | Policy identifier | Numeric value identifies policy and is used as an index into the policy table |
hsmPolicyDescription | DisplayString | Description of the policy | Brief text description of what the policy does |
hsmPolicyValue | DisplayString | Current value of the policy | Brief text description to show current state/value of policy |
hsmPartitionPolicyTable
This table provides a list of all the partition policy information on the managed element.
Item | Type | Description | Values |
---|---|---|---|
hsmPartitionPolicyType | INTEGER | Capability or policy | capability(1), policy(2) |
hsmPartitionPolicyID | Unsigned32 | Policy identifier | Numeric value identifies policy and is used as an index into the policy table |
hsmPartitionPolicyDescription | DisplayString | Description of the policy | Brief text description of what the policy does |
hsmPartitionPolicyValue | DisplayString | Current value of the policy | Brief text description to show current state/value of policy |
hsmClientRegistrationTable
This table provides a list of registered clients.
Item | Type | Description | Values |
---|---|---|---|
hsmClientName | DisplayString | Name of the client | Name provided on client cert |
hsmClientAddress | DisplayString | Address of the client | IP address of the client |
hsmClientRequiresHTL | TruthValue | Flag specifying if HTL required for the client | Flag set at HSM host side to control client access. Note: HTL is not available in release 7.x. This value will always return false for 7.x HSMs. |
hsmClientOTTExpiry | INTEGER | OTT expiry time (-1 if not provisioned) | Expiry time, in seconds, for HTL OneTimeToken (range is 0-3600); -1 indicates not provisioned, 0 means never expires. Note: HTL is not available in release 7.x. This value will always return -1 for 7.x HSMs. |
hsmClientPartitionAssignmentTable
This table provides a list of assigned partitions for a given client.
Item | Type | Description | Values |
---|---|---|---|
hsmClientHsmSerialNumber | DisplayString | Index into the HSM table | -- |
hsmClientPartitionSerialNumber | DisplayString | Index into the Partition Table | -- |
SNMP output compared to SafeNet tools output
For comparison, the following shows LunaCM or LunaSH command outputs that provide HSM information equivalent to the SNMP information depicted in the tables above (from the HSM MIB).
HSM Information
At the HSM level, the information in the outputs of hsm show, hsm showpolicies, and hsm displaylicenses includes the following:
>SW Version
>FW Version
>HSM label
>Serial #
>HW Model
>Authentication Method
>RPV state
>FIPS mode
>HSM total storage space (bytes)
>HSM used storage space (bytes)
>HSM free storage space (bytes)
>Performance level
>Max # of partitions
># of partitions created
># of free partitions
>HSM policies and their settings
Partition Information
At the application partition level, the information in the outputs of partition show and partition showpolicies includes the following:
>Partition Name
>Partition Serial #
>Activation State
>AutoActivation State
>Partition total storage space (bytes)
>Partition used storage space (bytes)
>Partition free storage space (bytes)
>Partition Object Count
>Partition policies and their settings