HSM Roles
SafeNet Luna Network HSM divides roles on the HSM according to an enhanced version of the PKCS#11 standard. Configuration, administration, and auditing of the HSM itself is the responsibility of the roles described below. Cryptographic functions take place on the application partition, which has a different set of independent roles (see Partition Roles).
Personnel holding HSM-level roles access the HSM by logging in to LunaSH via SSH or a serial connection. They must therefore have the appropriate appliance user access for their respective HSM role, to ensure that they can access all LunaSH commands necessary to perform HSM administration tasks.
The HSM-level roles are as follows:
HSM Security Officer (SO)
The HSM SO handles all administrative and configuration tasks on the HSM, including:
>Initializing the HSM and setting the SO credential (see HSM Initialization)
>Setting and changing global HSM policies (see HSM Capabilities and Policies)
>Creating/deleting the application partition (see Creating or Deleting an Application Partition)
>Updating the HSM firmware (see Updating the SafeNet Luna HSM Firmware)
The HSM SO must have admin-level user access to the SafeNet Luna Network HSM appliance (see Appliance Users and Roles).
Managing the HSM Security Officer Role
Refer also to the following procedures to manage the HSM SO role:
>Logging In as HSM Security Officer
>Changing the HSM SO Credential
Auditor (AU)
The Auditor is responsible for managing HSM audit logging. These responsibilities have been separated from the other roles on the HSM and application partition so that the Auditor can provide independent oversight of all HSM processes, and no other user, including the HSM SO, can clear those logs. The Auditor's tasks include:
>Initializing the Auditor role
>Setting up audit logging on the HSM
>Configuring the maximum size of audit log files and the time interval for log rotation
>Archiving the audit logs
The Auditor must have access to the audit account on the SafeNet Luna Network HSM appliance (see Appliance Users and Roles).
Managing the Auditor Role
Refer to Configuring and Using Audit Logging for procedures involving the Auditor role. See also: