This section describes basic configuration of the HSM appliance as a networked appliance, basic setup tasks that must be accomplished before you can configure the HSM or make Client connections. You will:
In
general, we recommend against using DHCP for HSM appliances. DHCP has its own set of inherent security risks (spoofing attacks, etc), and a Luna SA (or any critical server) either should not be used in that manner, or must be managed with the greatest of care. It would be comparable to having a firewall with a DHCP address. Consider what might happen if a Luna SA appliance rebooted and came back with a different address. It would cause considerable disruption to client applications.
It is possible to assign "static" IP by instructing a router to always assign specific reserved IP addresses to specific appliance MAC addresses, but it is also possible that a reset router could "forget" those assignments. The safer approach is a manually set static IP at the appliance, that remains effective as long as the appliance is healthy.
As shipped from the factory, we leave the HSM appliance configured for DHCP. This setting is a side-effect of our manufacturing and final-test process where we need the ability to configure multiple HSM appliances at one time on a DHCP-based network and not have to be constrained by fixed IP addresses.
Before you begin, obtain the following information (see your network administrator for most of these items):
If you are using DHCP, then all references to the Client and the HSM appliance (as in Certificates) should use hostnames.
Use the worksheet to record those values.
Go to "Power up the HSM appliance"
Recommended Network Characteristics
First Login & Changing Passwords