Here are the basic steps to follow when setting up to use SIM with two Luna appliance units.
1. Initialize the first Luna appliance. Refer to the Configuration section of this Help. The domain created during this initialization (a text string for Password Authenticated Luna appliance, or a red PED Key for PED Authenticated Luna appliance) will be used as the domain for backup tokens and for the second Luna appliance.
2. Create the partition on the first Luna appliance.
3. Connect the backup HSM to the appliance USB port.
4. Insert the token into Luna Dock2, which is connected to the appliance USB port.
5. Initialize the backup HSM or token using the token backup init lush command. Follow the on-screen prompts, and use the same domain as in step 1.
6. Initialize the second Luna appliance. Use the same cloning domain as was used on the first Luna appliance.
7. Create the partition on the second Luna appliance.
8. Connect the backup HSM to the appliance USB port.
9. Insert the token into Luna Dock2, which is connected to the appliance USB port.
10. Perform hsm restore from the admin shell. Once this is completed, both Luna appliances are able to mask and unmask keys using the same “master” key.
11. Set up your Clients and register both Luna appliances with each Client. In ckdemo, if you select option 14 (Slot List) and select “Only slots with token present”, you should see two LunaNet slots.
12. When the lunaSign::Login function executes, it always logs in to slot 1, and slot 1 is always there as long as at least 1 Luna appliance is operational and accessible. The Login function returns the number of slots with “tokens” present (in other words, the number of accessible Luna appliance partitions). In normal operation in the above case, the value should be 2. If it returns less than 2, there is an added function that can be called that will return the identity of the still-live unit.