You are here: Appendix > Luna Do's and Don'ts

Luna Do and Don't Suggestions

Here are some things that are common sources of calls to Technical Support.



Have a backup procedure in place, and keep current backups. No equipment is failsafe. If a crash could happen to an aircraft, it could happen to your Luna appliance - or an aircraft could crash on your Luna appliance.

When programming using an API to invoke the Luna HSM, do check return codes on every call.

If in doubt, always say "YES" to the Luna PED "group keys" question and "NO" to the "new domain" question (applies to Trusted Path HSMs).

Remember to consider physical storage of your PED keys before your key generation ceremony. Enforcing your carefully thought out ‘3 of 5’ MofN policy is hard when all the keys are stored in the same safe. Make sure that your physical storage matches your policy choices.

Start as you mean to continue. It’s much easier to make policy decisions, and configure the HSM correctly, from the start of a project.

Document what you do. Although you may remember what you've done, it doesn't follow that those who may come after you will be equally as informed. They will thank you for recording the setup and configuration steps that you took during your device setup and key ceremony (we use a command-line based system to make this easy for you). Documenting what you do may also be important if you are audited.

Let us know if you think there is any way in which we could improve our product or documentation - we’re always happy to receive customer feedback for our products.



Do not manually edit the configuration file, unless instructed to do so by Technical Support.

If you do edit the .conf or .ini file, do not insert any TAB characters.

Do not forget your PED PIN (for Trusted Path HSMs). A lost PED PIN is unrecoverable. There is no feature to "Click here to have your PIN e-mailed to you". If you invoke a PED PIN when initializing, then it becomes part of the authentication for your HSM. The only operations that can change it or remove it either require you to log in, or cause the HSM contents to be erased.

Do not start a system or firmware update on a Luna appliance that is not connected to a working UPS. Most likely nothing would go wrong, but a power failure at just the wrong moment could be messy.

Do not assume that by giving MofN authentication-split keys to the management, that your system will be more secure. They will likely insert the requested Key regardless of who asks them to do so. Ensure that all your key holders are properly trained to question 'Why' their key is needed, and to understand the responsibility that they are agreeing to uphold.

Do not keep trying things if something doesn't appear to be working. There are certain operations that could, after repeated fails, cause the HSM to set itself into a recoverable non-operational state. If you see something that you don’t expect, check the documentation - and if this doesn't help, contact the SafeNet support team.

Don't keep your success stories to yourself! If your Luna equipment works well for you, we’d love to hear from you. You could become a "white paper" or exemplary case study.