Version Dependencies by Feature

Some of the SafeNet Luna Network HSM functionality described in the documentation has been introduced in updates since the initial product release. For your own reasons, you may wish to apply some aspects of a product update and not others. For example:

>you may choose to update appliance or client software while keeping an earlier, FIPS-certified firmware version

>if you are maintaining a large number of client workstations, it may be cumbersome to apply software updates to all of them

The following table outlines the SafeNet Luna Network HSM functions that depend on a certain software/firmware version, or have other requirements you must consider.

Function	Minimum Version Requirements	Notes
DPoD HSM on Demand Support >Adding a DPoD HSM on Demand Service	Client: 10.1	Refer to Cloning Keys Between Luna 6, Luna 7, and HSM on Demand for more information on using an HSMoD service with Luna HSMs.
Remote PED Server Support on Linux Clients >Remote PED Setup	Client: 10.1
Client NTLS Certificates can be Signed by a Trusted Certificate Authority >Creating an NTLS Connection Using a Client Certificate Signed by a Trusted Certificate Authority	Client: 10.1
SafeNet Luna Backup HSM (G7 model) Support >Backup and Restore Using a G7-Based Backup HSM	Client: 7.5
Functionality Modules >Functionality Modules >About the FM SDK Programming Guide	Firmware: 7.4.0 Appliance: 7.4 Client: 7.4	Refer to Preparing the SafeNet Luna Network HSM to Use FMs for an overview of hardware/software/firmware requirements.
Appliance Re-image >Re-Imaging the Appliance to Factory Baseline	Firmware: 7.3.0 Appliance: 7.3	The Appliance Re-image feature is not supported on HSMs that use Functionality Modules. If you have ever enabled HSM policy 50: Allow Functionality Modules, even if the policy is currently disabled, you cannot re-image the HSM appliance. See FM Deployment Constraints for details.
Partition Utilization Metrics >Partition Utilization Metrics	Firmware: 7.3.0 Appliance: 7.3 Client: 7.3
Improved SafeNet Luna HSM Client >Version-Compatible SafeNet Luna HSM Client (Luna HSMs version 6.2.1 and higher) >Cloning Keys Between Luna 6, Luna 7, and HSM on Demand >Modifying the Installed Windows SafeNet Luna HSM Client Software >User-Defined SafeNet Luna HSM Client install paths >Luna Minimal Client (for Linux)	Client: 7.2	>SafeNet Luna HSM Client 10.1 or higher is required to use Luna partitions with DPoD's HSM on Demand services >The PE1756Enabled setting on Luna 6.x HSMs is not supported for use with the Version-Compatible SafeNet Luna HSM Client >Minimum OS requirements for SafeNet Luna HSM Client 7.2 must be met (Refer to the CRN for details) >Minimal Client does not include tools, and is intended for customer application containers connecting to the Network HSM. A separate full SafeNet Luna HSM Client installation and configuration must be performed on the container host (and the resulting config file and certificate folders saved on the host), to establish NTLS or STC connections for use by the containers.
Initialize the orange RPV key remotely >Remote RPV Initialization	Appliance: 7.2 Client: 7.2
Configure Cipher Suites >Set TLS Ciphers	Appliance: 7.2 Client: 7.2	The Luna 7.2 appliance update includes the sysconf tls ciphers LunaSH commands, but you must update SafeNet Luna HSM Client to use any of the newly-included ciphers. For older clients, the ciphers available for negotiation are those that are common to your client version and to the updated Network HSM.
Customize system logging by severity level >Customizing Severity Levels >Customizing Remote Logging Severity Levels	Appliance: 7.2	If you were using remote logging before you upgraded the appliance software to 7.2, you must delete any existing remote hosts (see syslog remotehost delete) and re-add them before you can customize severity levels.
Re-name/Re-label partitions >partition rename >partition changelabel	Firmware: 7.2.0 Appliance: 7.2 Client: 7.2
Crypto User can clone public objects	Firmware: 7.2.0	The Crypto User (CU) role has always been able to create public objects, but not clone them. In HA mode, this would cause the replication and subsequent object creation operations to fail. Firmware 7.2.0 allows the CU to clone public objects, and therefore to perform operations on HA groups without Crypto Officer authentication.
Configure partition policies for export of private keys >Configuring the Partition for Cloning or Export of Private Keys	Firmware: 7.1.0	You can configure partition policies for Cloning or Key Export Mode manually, as long as you have updated the HSM firmware. To set these modes using Policy Templates, you must meet the Policy Template requirements.
Policy Templates >Setting HSM Policies Using a Template >Setting Partition Policies Using a Template	Firmware: 7.1.0 Appliance: 7.1 Client: 7.1