The SafeNet Luna HSM MIB

The SAFENET-HSM-MIB defines HSM status information and HSM Partition information that can be viewed via SNMP.

To access tables, use a command like:

snmptable -a SHA -A snmppass -u snmpuser -x AES -X snmppass -l authPriv -v 3 192.20.11.59 SAFENET-HSM-MIB::hsmTable

The information is defined in tables, as detailed in the following sections.

SNMP Table Updates

The SNMP tables are updated and cached every 60 seconds. Any changes made on the HSM may therefore take up to 60 seconds to be included in the tables. When a query is received to view the tables, the most recent cached version is displayed. If a change you were expecting is not displayed, wait 60 seconds and try again.

NOTE   Some values may not get updated automatically, such as the HSM firmware version (hsmFirmwareVersion) following a firmware upgrade. To force an update, restart the SNMP agent.

hsmTable

This table provides a list of all the HSM information on the managed element.

Item    Type    Description    Values   

hsmSerialNumber    DisplayString    Serial number of the HSM - used as an index into the tables.    From factory
hsmFirmwareVersion    DisplayString    Version of firmware executing on the HSM.    As found
hsmLabel    DisplayString    Label associated with the HSM.    Provided by SO at init time
hsmModel    DisplayString    Model identifier for the HSM.    From factory
hsmAuthenticationMethod    INTEGER    Authentication mode of the HSM.    unknown(1) -- not known; password(2) -- requires passwords; pedKeys(3) -- requires PED
hsmRpvInitialized    INTEGER    Remote PED vector initialized flag of the HSM.    notSupported(1) -- rpv not supported; uninitialized(2) -- rpv not initialized; initialized(3) -- rpv initialized
hsmFipsMode       TruthValue    FIPS 140-2 operation mode enabled flag of the HSM.    Factory set   
hsmPerformance       INTEGER    Performance level of the HSM.   
hsmStorageTotalBytes       Unsigned32    Total storage capacity in bytes of the HSM    Factory set   
hsmStorageAllocatedBytes       Unsigned32    Number of allocated bytes on the HSM    Calculated  
hsmStorageAvailableBytes       Unsigned32    Number of available bytes on the HSM    Calculated  
hsmMaximumPartitions       Unsigned32    Maximum number of partitions allowed on the HSM    2, 5, 10, 15, or 20, per license
hsmPartitionsCreated       Unsigned32    Number of partitions created on the HSM    As found   
hsmPartitionsFree       Unsigned32    Number of partitions that can still be created on the HSM    Calculated   
hsmBackupProtocol    INTEGER    Backup protocol used on the HSM    unknown(1), none(2), cloning(3), keyExport(4)
hsmAdminLoginAttempts    Counter32    Number of failed Administrator login attempts left before HSM zeroized    As found, calculated
hsmAuditRoleInitialized    INTEGER    Audit role is initialized flag    notSupported(0), yes(1), no(2)
hsmManuallyZeroized       TruthValue    Was HSM manually zeroized flag    As found   
hsmUpTime       Counter64    Up time in seconds since last HSM reset    Counted   
hsmBusyTime       Counter64    Busy time in seconds since the last HSM reset    Calculated   
hsmCommandCount       Counter64    HSM commands processed since last HSM reset    Counted   
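
Added example (not from the SafeNet documentation): a Python check over hsmTable rows for the security-relevant columns listed above. It assumes the table was fetched with snmptable's -Cf ',' field-separator option and that columns are headed by their MIB object names; the sample rows, function names, and thresholds are constructed for illustration.

```python
import csv
import io

# Constructed sample of `snmptable -Cf ','` output for hsmTable; values are invented
# and the column subset/order is an assumption.
SAMPLE = """\
SNMP table: SAFENET-HSM-MIB::hsmTable

hsmLabel,hsmFipsMode,hsmStorageTotalBytes,hsmStorageAvailableBytes,hsmAdminLoginAttempts,hsmManuallyZeroized
prod-hsm,true,2097152,1900000,3,false
dr-hsm,false,2097152,100000,1,true
"""


def parse_snmptable(text):
    """Return one dict per table row, keyed by the column (MIB object) name."""
    lines = [ln for ln in text.splitlines()
             if ln.strip() and not ln.startswith("SNMP table:")]
    return list(csv.DictReader(io.StringIO("\n".join(lines))))


def truth(value):
    """TruthValue is true(1)/false(2); accept the label or the number."""
    return value.strip().split("(")[0].lower() in ("true", "1")


def check_hsm(row, min_attempts_left=2, min_free_ratio=0.10, require_fips=True):
    """Return a list of findings for one hsmTable row (thresholds are examples)."""
    name, findings = row.get("hsmLabel", "?"), []
    if truth(row["hsmManuallyZeroized"]):
        findings.append(f"{name}: HSM was manually zeroized")
    if require_fips and not truth(row["hsmFipsMode"]):
        findings.append(f"{name}: FIPS mode is not enabled")
    # hsmAdminLoginAttempts counts attempts LEFT before zeroization, so low is bad.
    left = int(row["hsmAdminLoginAttempts"])
    if left <= min_attempts_left:
        findings.append(f"{name}: only {left} admin login attempt(s) left")
    total = int(row["hsmStorageTotalBytes"])
    avail = int(row["hsmStorageAvailableBytes"])
    if total and avail / total < min_free_ratio:
        findings.append(f"{name}: {avail} of {total} bytes free")
    return findings


if __name__ == "__main__":
    # Poll no more often than the agent's 60-second cache refresh.
    for hsm in parse_snmptable(SAMPLE):
        for finding in check_hsm(hsm):
            print(finding)
```

Because the agent serves a cached copy that is refreshed every 60 seconds, polling faster than that returns the same rows and does not shorten detection time.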

The hsmPartitionTable

This table provides a list of all the partition information on the managed element.

Item    Type    Description    Values   
hsmPartitionSerialNumber       DisplayString    Serial number for the partition    Generated   
hsmPartitionLabel    DisplayString    Label assigned to the partition    Provided at partition creation   
hsmPartitionActivated    TruthValue    Partition activation flag    Set by policy   
hsmPartitionStorageTotalBytes    Unsigned32    Total storage capacity in bytes of the partition    Set or calculated at partition creation or re-size   
hsmPartitionStorageAllocatedBytes    Unsigned32    Number of allocated (in use) bytes on the partition    Calculated
hsmPartitionStorageAvailableBytes    Unsigned32    Number of available (unused) bytes on the partition    Calculated
hsmPartitionObjectCount    Unsigned32    Number of objects in the partition    Counted

hsmLicenseTable

This table provides a list of all the license information on the managed element. More than one HSM might be connected to a Host, so they are accessed with two indices; the first index identifies the HSM for which the license entry corresponds (hsmSerialNumber), the second is the index for the corresponding license (hsmLicenseID).

Item    Type    Description    Values   
hsmLicenseID    DisplayString    License identifier    Set at factory or at capability update   
hsmLicenseDescription    DisplayString    License description    Set at factory or at capability update   

hsmPolicyTable

This table provides a list of all the HSM policy information on the managed element.

Item    Type    Description    Values   
hsmPolicyType    INTEGER    Type of policy    capability(1), policy(2)
hsmPolicyID    Unsigned32    Policy identifier    Numeric value identifies policy and is used as an index into the policy table
hsmPolicyDescription    DisplayString    Description of the policy    Brief text description of what the policy does
hsmPolicyValue    DisplayString    Current value of the policy    Brief text description to show current state/value of policy

hsmPartitionPolicyTable   

This table provides a list of all the partition policy information on the managed element.

Item    Type    Description    Values   
hsmPartitionPolicyType    INTEGER    Capability or policy    capability(1), policy(2)
hsmPartitionPolicyID    Unsigned32    Policy identifier    Numeric value identifies policy and is used as an index into the policy table
hsmPartitionPolicyDescription    DisplayString    Description of the policy    Brief text description of what the policy does   
hsmPartitionPolicyValue    DisplayString    Current value of the policy    Brief text description to show current state/value of policy   

hsmClientRegistrationTable

This table provides a list of registered clients.

Item    Type    Description    Values   
hsmClientName    DisplayString    Name of the client    Name provided on client cert   
hsmClientAddress    DisplayString    Address of the client    IP address of the client   
hsmClientRequiresHTL    TruthValue    Flag specifying if HTL required for the client    Flag set at HSM host side to control client access. Note: HTL is not available in release 7.x. This value will always return false for 7.x HSMs.
hsmClientOTTExpiry    INTEGER    OTT expiry time (-1 if not provisioned)    Expiry time, in seconds, for HTL OneTimeToken (range is 0-3600); -1 indicates not provisioned, 0 means never expires. Note: HTL is not available in release 7.x. This value will always return -1 for 7.x HSMs.

hsmClientPartitionAssignmentTable   

This table provides a list of assigned partitions for a given client.   

Item    Type    Description    Values   
hsmClientHsmSerialNumber    DisplayString    Index into the HSM table    --
hsmClientPartitionSerialNumber    DisplayString    Index into the Partition Table    --

SNMP output compared to SafeNet tools output

For comparison, the following shows LunaCM or LunaSH command outputs that provide HSM information equivalent to the SNMP information depicted in the tables above (from the HSM MIB).

HSM Information

At the HSM level, the information in the outputs of hsm show, hsm showpolicies, and hsm displaylicenses includes the following:

>SW Version

>FW Version

>HSM label

>Serial #

>HW Model

>Authentication Method

>RPV state

>FIPS mode

>HSM total storage space (bytes)

>HSM used storage space (bytes)

>HSM free storage space (bytes)

>Performance level

>Max # of partitions

># of partitions created

># of free partitions

>HSM policies and their settings

Partition Information

At the application partition level, the information in the outputs of partition show and partition showpolicies includes the following:

>Partition Name

>Partition Serial #

>Activation State

>AutoActivation State

>Partition total storage space (bytes)

>Partition used storage space (bytes)

>Partition free storage space (bytes)

>Partition Object Count

>Partition policies and their settings