Optional Configuration Tasks

After completing the base configuration, you can also perform any of the following optional configuration tasks:

Configure the Luna SA appliance to use a Network Time Protocol (NTP) server

You can synchronize a Luna SA appliance with a network time protocol (NTP) server. NTP provides a reliable, consistent, and accurate timing mechanism for the appliance using Coordinated Universal Time (UTC), and is the recommended option for providing an accurate date and time for the appliance. Luna SA also provides secure NTP. See Timestamping – NTP and Time Drift in the Luna SA Appliance Administration Guide.

Configure multiple HSMs to operate in high-availability (HA) mode

High Availability (HA) mode allows you to automatically replicate the data on an HSM/partition over two or more physical HSMs to provide redundancy and load balancing. Applications using an HA HSM/partition do not access it directly. Instead, the HA software creates a virtual slot for the partition and manages which physical HSM is actually used when responding to an application request. See High-Availability (HA) Configuration and Operation in the Administration Guide.

Configure SNMP

You can use the Luna SNMP MIB to monitor the performance of your HSMs. See SNMP Monitoring in the Administration Guide.

Configure a remote PED

If you are configuring a PED-authenticated HSM, you can configure it to use a remote PED, which allows you to authenticate to the HSM from a remote location. See Remote PED in the Administration Guide.

Do not use "sysconf config factoryReset" After 6.x Update

You can still back up and restore system configuration data with other commands (see below), but you must no longer use the command sysconf config factoryReset.

Why Not?

The command sysconf config factoryReset restores a collection of system settings to (as near as possible) the values that existed when the baseline configuration was recorded at the Gemalto-SafeNet factory. This includes values, pointers, and other settings.

Within a major release (such as 5.0.x through 5.9.x), this works well as a method of returning your appliance to the baseline configuration. However, those settings are just the numbers and values that prevailed at that time. The recorded baseline does not include files and folders. It assumes that they exist, so only the pointers to them are recorded.

If your Luna SA was not received with appliance software version 6.x already installed, then you are probably updating from version 5.x to version 6.x. This is a major system change, which changes a number of resources, file locations/names and other factors. This means that you should make a new baseline configuration summary, because some elements of the old one now point to resources, files, and other elements that no longer exist. If you run the Luna Shell (lunash) command sysconf config factoryReset -service all after such a major update, but without creating a new baseline, the system can enter an indeterminate state and require return to Gemalto-SafeNet for re-manufacture.

How to Create an Equivalent Configuration Fallback

To avoid the situation described above, create a named backup configuration, and later restore from it, following these steps.

1. Once you update from Luna 5.x to Luna 6.0 or newer, use the command sysconf config backup to create a baseline configuration backup.

lunash:>sysconf config backup -description "This_is_your_6.0.0_backup" 

Created configuration backup file: SA27_Config_20150505_1439.tar.gz 

Command Result : 0 (Success) 

 

2. To restore from the new baseline backup, use the command sysconf config restore -file <name of the baseline>.

lunash:>sysconf config restore -file SA27_Config_20150505_1439.tar.gz -service all -force 

This command restores the previous configurations from the backup file: SA27_Config_20150505_1439.tar.gz 

Force option used. Proceed prompt bypassed. 

Created configuration backup file: SA27_Config_20150505_1443.tar.gz 

Restore the ntls configuration: Succeeded. 

Restore the network configuration: Succeeded. 

Restore the syslog configuration: Succeeded. 

Force option used. Proceed prompt bypassed. 

All key and certificates files were deleted. 
You must restart NTP for the changes to take effect. 

Check NTP status after restarting it to make sure that the client is able to start and sync with the server. 

Restore the ntp configuration: Succeeded. 

Restore the snmp configuration: Succeeded. 

Restore the ssh configuration: Succeeded. 

Restore the users configuration: Succeeded. 

Restore the system configuration: Succeeded. 

You must either reboot the appliance or restart the service(s) for the changes to take effect. 

Please check the new configurations BEFORE rebooting or restarting the services. 

You can restore the previous configurations if the new settings are not acceptable. 


Command Result : 0 (Success)
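
When the restore is driven from a script over SSH, the transcript above can be checked automatically before anyone reboots the appliance. The following is an added example, not part of the Luna SA documentation or software: it parses a captured restore transcript, confirms that every service line reports Succeeded, records the backup file the restore reports creating, and lists the follow-up actions the output calls for. The function name check_restore and the rule that any status other than "Succeeded" counts as a problem are assumptions; the service list and sample text are taken from the transcript on this page.

```python
import re

# Services listed in this page's "-service all" restore transcript.
EXPECTED = ["ntls", "network", "syslog", "ntp", "snmp", "ssh", "users", "system"]

# Sample input: excerpt of the restore transcript shown on this page.
SAMPLE = """\
lunash:>sysconf config restore -file SA27_Config_20150505_1439.tar.gz -service all -force
Force option used. Proceed prompt bypassed.
Created configuration backup file: SA27_Config_20150505_1443.tar.gz
Restore the ntls configuration: Succeeded.
Restore the network configuration: Succeeded.
Restore the syslog configuration: Succeeded.
All key and certificates files were deleted.
You must restart NTP for the changes to take effect.
Restore the ntp configuration: Succeeded.
Restore the snmp configuration: Succeeded.
Restore the ssh configuration: Succeeded.
Restore the users configuration: Succeeded.
Restore the system configuration: Succeeded.
Command Result : 0 (Success)
"""

def check_restore(transcript, expected=EXPECTED):
    """Summarise a restore transcript (hypothetical helper, not a lunash feature)."""
    # Map each service name to the status text printed for it.
    status = dict(re.findall(
        r"^Restore the (\w+) configuration: (.+?)\.?\s*$", transcript, re.M))
    backup = re.search(r"^Created configuration backup file: (\S+)", transcript, re.M)
    result = re.search(r"^Command Result : (\d+)", transcript, re.M)
    # Assumption: a missing line or any status other than "Succeeded" is a problem.
    problems = [s for s in expected if status.get(s) != "Succeeded"]
    followups = []
    if "You must restart NTP" in transcript:
        followups.append("restart NTP, then check NTP status")
    if "All key and certificates files were deleted" in transcript:
        followups.append("key and certificate files were deleted")
    return {
        "ok": bool(result) and result.group(1) == "0" and not problems,
        "problems": problems,
        "created_backup": backup.group(1) if backup else None,
        "followups": followups,
    }

if __name__ == "__main__":
    print(check_restore(SAMPLE))
```

Keep the reported backup file name with the change record, since the restore output states that the previous configuration can be restored if the new settings are not acceptable.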