[This is supplementary information. You can create and use HSM partitions, using default parameters, without ever referring to this page. However, if you wish to adjust and control the sizes of your partitions, the information on this page might be helpful.]
The syntax of the partition create command is described in the Reference section ( "partition create Command" ).
The procedure is described as part of Luna SA Configuration, password version ( "About Creating a Partition (Password Authentication)" ) or PED version ( "About Creating a Partition (PED authenticated)" ).
The Luna SA HSM supports a maximum of 20 partitions (subject to change in future versions).Beginning with Luna HSM 5.2.1, the HSM supports only the number of partitions that are explicitly licensed, either from the factory, or by later upgrade. The upgrade is now locked to the serial number of a specific HSM. Available values are 2, 5, 10, 15 and 20 partitions. Those partitions are divided among the available memory, with each being assigned an equal share when it is created, by default. We do not specify an exact size in bytes, because this can be affected by other features of the factory-installed configuration that you purchased, and by later changes
The basic allotment ensures that you can create all allowed partitions, each having enough space to hold (at least) an RSA key-pair.
If you don't specify an amount at partition creation, then each partition is assigned the default amount for your HSM.
You can see what that default amount is for your HSM by creating a single partition and then viewing partition information with partition show.
The default total storage space on the HSM is 2 MB, which, less partition overhead, is available for storage of objects.
A purchased upgrade (at the time the HSM is ordered, or as a customer-installed upgrade at a later date) is available, increasing the allotment to 15.5 MB of storage. If your application uses only a small amount of memory per partition, then increasing the total memory might not be necessary if you increase the partition count. However, if your application uses a significant portion of the default 2MB when you have only 2 or 5 partitions, then when upgrading to 10, 15, or 20 partitions, you would likely need to increase the total memory.
You have the option, when creating any partition, to specify "-size" followed by a number of bytes, to directly set the amount of storage to be used by this partition. The HSM runs a boundary check, to determine whether that much storage space remains, and either proceeds with the partition creation, or refuses with an error message.
The upper boundary definition is defined as: F / (M - N) - O
where:
F is the free HSM space remaining,
M is the maximum number of partitions allowed on the HSM,
N is the number of existing partitions already created on the HSM, and
O is the partition overhead.
Partition overhead is just slightly greater than 2000 bytes per partition, and is subject to change in future releases.
The purpose of the upper boundary is to reserve a usable share of space for future partitions that you might wish to create.
You have the option, when creating any partition, to specify "-allfreestorage", which forcibly allocates all remaining storage to that partition, without reserving any space. If you do this before you have created the maximum number of partitions (say, 20), then you are not able to create additional partitions - all the previously unallocated storage is used by the last one that you created (with -allfreestorage option), leaving none for additional partitions.
The command partition resize has the "-size" and "-allfreestorage" options that work as described for partition create, above, with one exception.
The "-size" option allows you to increase the size of the partition if space is available. It does not allow you to decrease the current size - that constraint ensures that no partition objects are lost. If you wish to decrease the size of a partition, you must delete it (partition delete command) and then re-create it at the desired smaller size. Of course, that action deletes any objects in the partition. If you have made a backup of the old partition, you can restore to the newly created partition.
For the resize command, you must specify either "-size" or "-allfreestorage".
If you need twenty partitions on your HSM, then you must create twenty partitions (assuming that you have purchased that capability), and their size is constrained by the available storage space - about 100,000 bytes per partition for an HSM with 2 MB of storage, or about 3/4 of a megabyte per partition for an HSM with 15.5 MB of storage.
However, you might prefer a smaller number of partitions, each having more space allocated.
With the maximum number of partitions that you will need, and their sizes, you can do the arithmetic and simply create each partition with the "-size" option, taking care to not exceed the total space available. The HSM creates your partitions with your specified sizes, except that the last partition is constrained by the boundary calculation to leave enough room for 20-x minimal partitions (that is, twenty minus x where x is the number of large partitions that you want). This wastes some storage that could otherwise be allocated to that last large partition.
You can get around that limitation by creating x-1 partitions (where x is the number you desire in total) using the "-size" option, and then creating your last partition with "-allfreestorage" specified instead.
So if, for example, you create four partitions in total, using the above suggestion, the assumption is that you are confident you will never need more than four, and can safely use up all storage for just those four.
If you prefer to have all your partitions sized equally, and to let the HSM do the calculations, the following procedure might be of some value.
In this example, create four equal-size partitions, using all the storage possible:
- start by creating 20 partitions (the maximum allowed) – each will have X bytes available to it
- delete 4 of them (leaving 16)
- resize one partition to use “-allfreestorage”, which makes that partition large (as large as ) and leaves the HSM with 15 partitions having X bytes each, plus the large one
- delete another four small partitions
- resize one small partition to use “-allfreestorage”, which makes that partition large (there are now two large partitions ) and leaves the HSM with 10 partitions having X bytes each, plus the two large ones
- delete another four small partitions
- resize one small partition to use “-allfreestorage”, which makes that partition large (there are now three large partitions ) and leaves the HSM with 5 partitions having X bytes each, plus the three large ones
- delete another four small partitions
- resize the single remaining small partition to use “-allfreestorage”, which makes that partition large and leaves 0 (zero) of the original partitions with X bytes each, and the four large partitions of equal size, and no unallocated space on the HSM.
For the example, we chose conveniently round numbers. You might have a few bytes left over, or one partition slightly larger or smaller than the others, depending on the actual configuration of your HSM.