Following the instructions in the previous sections, you have already:
• registered and assigned a Client to a Luna SA HSM Partition.
All that is required for a Client application to begin using a Luna SA HSM Partition (to which the Client has been assigned) is the standard handshake sequence:
• the client establishes an NTLS connection with the Luna SA (port 1792)
• the client requests a list of available Partitions (if not already known)
• Luna SA responds with a list of only those Partitions to which the requesting Client has been assigned
• the client chooses a Partition from the available, assigned Partitions
• Luna SA demands the password for the selected Partition
• the Client (which may also be called Crypto User if you are using the Crypto Officer / Crypto User authentication and access model) provides the appropriate password
• Luna SA grants access, and the Client application begins using the Partition.
Your application should be capable of performing the above actions.
If your Client application is having difficulty using Luna SA for Client tasks, and if you have already verified the connection and the configuration (using multitoken and CMU utilities - see "Multitoken" or see "About the CMU Functions"), then there may be a problem with the configuration of your Client application. Try the following suggestions before calling for support.
If your Luna SA is a Password Authentication model, then you should look to your application setup for the source of the problem. It might require special configuration to use a Hardware Security Module (HSM). Or, if Luna SA has replaced another HSM product (including a SafeNet product), you will need to modify the application to recognize the new device.
Note: Refer to the SDK Reference Guide and to the application integration documents provided by SafeNet Technical Support for information and advice on integrating many popular applications and services with Luna SA.
However, if your Luna SA is a PED Authenticated model, then be aware that having the Client application present the Partition Password is not sufficient to access the HSM Partition. The HSM Partition must also be in a special login state called activation (see ), meaning that the Partition Owner (or Crypto Officer) must have logged in (with the correct black Partition Owner (or Crypto Officer) PED Key), and not logged out again before your application tried to connect. To ensure that the HSM Partition is always in the desired state, we recommend that you autoActivate (see "About Activation and Auto-Activation") the Partition, so that it can accept Client authentication and access at any time without human intervention at the Luna SA appliance.
If you wish minute-by-minute control of a client's ability to access the HSM, without need for human presence at the appliance location, you could use the Remote PED feature (see "About Remote PED").
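The handshake and the activation requirement described above can be modelled as a single access decision, which helps when working out which condition a failing Client is actually hitting. This is an added illustration, not Luna SA code or the NTLS wire protocol: the class names, partition names, passwords, failure strings and the order of the checks are all assumptions constructed for the example.

```python
# Model of the access decision in the handshake above. Added illustration:
# every name and sample value is constructed, not taken from Luna SA.
from dataclasses import dataclass, field
import hmac

@dataclass
class Partition:
    name: str
    password: str               # partition password (plaintext only in this model)
    ped_authenticated: bool     # True on a PED Authenticated HSM
    activated: bool = False     # meaningful only when ped_authenticated is True
    assigned_clients: set = field(default_factory=set)

class Appliance:
    def __init__(self, partitions):
        self.partitions = {p.name: p for p in partitions}

    def list_partitions(self, client):
        # Only partitions assigned to the requesting client are ever listed.
        return sorted(n for n, p in self.partitions.items()
                      if client in p.assigned_clients)

    def open_partition(self, client, name, password):
        """Return (granted, reason) so each failure can be told apart."""
        p = self.partitions.get(name)
        if p is None or client not in p.assigned_clients:
            return False, "partition not assigned to this client"
        if not hmac.compare_digest(password.encode(), p.password.encode()):
            return False, "wrong partition password"
        if p.ped_authenticated and not p.activated:
            # The password alone is not sufficient on a PED Authenticated model.
            return False, "partition not activated"
        return True, "access granted"

# Constructed sample configuration.
SAMPLE = Appliance([
    Partition("part_pw", "pw-example-1", False, assigned_clients={"client_a"}),
    Partition("part_ped", "pw-example-2", True, assigned_clients={"client_a"}),
    Partition("part_other", "pw-example-3", False, assigned_clients={"client_b"}),
])

if __name__ == "__main__":
    print(SAMPLE.list_partitions("client_a"))
    for name, pw in [("part_pw", "pw-example-1"), ("part_ped", "pw-example-2"),
                     ("part_other", "pw-example-3"), ("part_pw", "bad")]:
        print(name, SAMPLE.open_partition("client_a", name, pw))
```

In the model, setting `activated` to `True` on `part_ped` stands in for the Partition Owner (or Crypto Officer) having logged in with the PED Key and not logged out again, after which the same password is accepted.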