STC allows you to protect all communications to the HSM, including those that originate on the Luna SA appliance, by enabling the STC admin channel on the appliance. The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition. This STC admin channel link is configured separately from the client-partition links, and can be enabled or disabled as required.
When enabled, all communications from the appliance operating system to the HSM are transmitted over the STC admin channel.
Note: Enabling the STC admin channel is service affecting. It causes an STC service restart, which temporarily terminates all existing STC links to the appliance. It also terminates the existing HSM login session.
1. Open a LunaSH session on the appliance and log in as the HSM SO.
2. Enter the following command to enable the STC admin channel:
hsm stc enable
For example:
lunash:>hsm stc enable
Enabling local STC will require a restart of STC service.
Any existing STC connections will be terminated.
Type 'proceed' to enable STC on the admin channel, or 'quit'
to quit now.
> proceed
Successfully enabled STC on the admin channel.
Command Result : 0 (Success)
When disabled, all communications from the appliance operating system to the HSM are transmitted, unencrypted, over the local bus.
Note: Disabling the STC admin channel is service affecting. It causes an STC service restart, which temporarily terminates all existing STC links to the appliance. It also terminates the existing HSM login session.
1. Open a LunaSH session on the appliance and log in as the HSM SO.
2. Enter the following command to disable the STC admin channel:
hsm stc disable
For example:
lunash:>hsm stc disable
Disabling STC on the admin channel will require a restart of STC service.
Any existing STC connections will be terminated.
Type 'proceed' to disable STC on the admin channel, or 'quit'
to quit now.
> proceed
Successfully disabled STC on the admin channel.
Command Result : 0 (Success)
STC provides several configurable options that define the network settings for an STC link, and the security settings for the messages transmitted over the link. The default values provide the optimal balance between security and performance, but you can override them if desired. See "Configuring the Network and Security Settings for an STC Link" for more information.