Configuration (Set up Luna SA after Installation)

When you receive your Luna SA, it is fully functional and very configurable, but is not yet set up to work in your network and with your Clients. That is, coming from the factory, the Luna SA:

If you are looking at this page, you have probably unpacked your Luna SA, connected the cables, and installed the Luna SA Client and SDK Software(the software that must be installed on each Client computer that will connect to a Luna SA. You should also include this Help on each computer, for reference when performing tasks.) .

If yours is a Luna SA with PED (Trusted Path) Authentication, then it makes use of the Luna PED. The crystoki.ini (Windows) or Chrystoki.conf (UNIX) file contains settings for PED timeout values. Generally, do not change those, unless instructed to do so by SafeNet Technical Support.

To have your new Luna SA working in your environment, you need to prepare it, as follows:

Each of the links below connects to a topic or chapter in the Configuration "book" of this WebHelp.

THIS page mirrors the Configuration portion of the Table of Contents (which should appear in the navigation pane, over there to the left of the screen).

The links below are set to open the target topics in this browser window, because many people prefer to avoid proliferation of windows and tabs. You might prefer to right-click and choose to have each of the steps open in a separate window, so that you can read the instructions but still have this window open for overview of the whole procedure - where you are going next.

Click on a link below (in the order that they occur).

Entropy Pool and Random Number Generator

[Step 1] Configuring Luna Appliance for your Network

Recommended Network Characteristics

Power-up the Luna appliance

Open a Connection

First Login & Changing Passwords

Set System Date and Time

Configure IP and Network Parameters

Make Your Network Connection

Generate New Luna SA Server Cert

[Step 2] Initializing an HSM

Initializing an HSM (Password Authenticated option)

Use hsm-init to Initialize an HSM

Initializing an HSM (PED Authenticated option)

About Initializing a PED Authenticated [Trusted Path] HSM

Options and choices when imprinting a blue (SO) PED Key

[Step 3] Setting HSM Policies

Set HSM Policies (Password Authentication)

Set HSM Policies (Trusted Path Authentication)

[Step 4] Creating Partitions

Create Partition (Password Authentication)

About Creating a Partition (PW)

Create Partition {PW}

Create Partition (Trusted Path Authentication)

About Creating a Partition (TP)

Initialize the Partition (TP)

Record Partition Client Password (TP)

[Step 5] Setting Partition Policies

Partition Policies

Set Partition Policy

[Step 6] Setting up a Network Trust Link

Prepare the Client for Network Trust Link

UNIX NTL Setup

Import Luna Server Cert onto Client (UNIX)

Create a Client Certificate (UNIX)

Export a Client Cert to a Luna SA (UNIX)

Windows NTL Setup

Import Luna SA Server Cert onto Client (Windows)

Create a Client Certificate (Windows)

Export a Client Cert to a Luna SA (Windows)

[Step 7] Assigning Clients to Partitions

Assign a Client to a Luna HSM Partition

Configure HTL [optional]

HTL Setup in Windows

HTL Setup in Linux

[Step 1]	"Preparing to configure appliance network settings"
[Step 2]	"System-specific Instructions to Initialize an HSM"
[Step 3]	Adjust (if required) the Policies that control the HSM If you have a Luna SA with Password Authentication, click this link: "Set HSM Policies (Password Authentication)" If you have a Luna SA with Trusted Path Authentication (uses the PED and PED Keys), click this link: "Set HSM Policies - PED (Trusted Path) Authentication"
[Step 4]	Prepare virtual HSMs for your Clients by creating HSM Partitions Again, if you have a Luna SA with Password Authentication, click this link: "About Creating a Partition (Password Authentication)" If you have a Luna SA with Trusted Path Authentication (uses the PED and PED Keys), click this link: "About Creating a Partition (PED authenticated)"
[Step 5]	Adjust (if required) "Partition Policies"
[Step 6]	Set up a Network Trust Link ( "Prepare the Client for Network Trust Link"), by creating new certificates on the Luna SA and on a Client and exchanging them
[Step 7]	Assign a registered Client to a particular Partition ( "Assign a Client to an HSM Partition" )
[Step 8]	and, of course, Use a Luna SA HSM Partition from your Client application(s) ( "Verify the configuration" ).

Configuration - Set up Luna SA and Clients