Home > |
---|
The K6-based HSMs include the SafeXcel 1746 security co-processor, which is used to offload packet processing and crypto computations from the host processor. Use of the SafeXcel 1746 security co-processor can affect performance, and is therefore optional. When enabled, the SafeXcel 1746 security co-processor improves application bulk performance, at the expense of small-packet performance. When disabled, small-packet performance is improved, at the expense of application bulk performance. Data packets less than 1Kb in size are considered small.
You can enable or disable the SafeXcel 1746 security co-processor via the PE1746Enabled statement in the Chrystoki.conf file (Linux and UNIX) or the crystoki.ini file (Windows). The SafeXcel 1746 security co-processor is disabled (0) by default.
Note: K6-based HSMs have a limit of 1000 contexts for SafeXcel 1746 operations, which is a consideration when many client threads are involved, and depends upon the number of concurrent threads.
1.Login to your Luna client workstation as an administrator.
2.Open the Chrystoki.conf (Linux and UNIX) or crystoki.ini (Windows) file, as relevant, for editing. The PE1746Enabled statement is located in the Misc section of the file, for example:
Misc = {
PE1746Enabled = 1;
reconnAtt = 50;
logLen = 262144;
haLog = /usr/safenet/lunaclient/bin/;
}
3.Set the value for PE1746Enabled as required. Set to 1 to enable. Set to 0 to disable.
The PE1746Enabled setting can affect HA. See "HA Operational Notes" for more information.
Because of the effect on some operations, it can happen that a large update to Luna SA can fail verification if PE1746Enabled= 0 in the Luna SA's internal configuration settings. A patch is available to force PE1746Enabled= 1 on the appliance.