This section provides an overview of the SNMP implementation and describes how to install the SNMP subagent.
We provide the following MIBs (management information bases):
MIB Name | Description |
---|---|
CHRYSALIS-UTSP-MIB.txt | Defines SNMP access to information about the SafeNet appliance. |
SAFENET-HSM-MIB.txt | Defines SNMP access to information about the SafeNet HSM. |
SAFENET-GLOBAL-MIB.txt | Must be found in your system path so that symbols can be resolved. |
SAFENET-APPLIANCE-MIB.txt | Reports the software version of SafeNet Network HSM appliance. |
Copy all MIBs in <luna client install dir> to the MIB directory on your system.
For SafeNet Network HSM, the host is the appliance, so all of the above MIBs are already on the appliance to support SNMP.
We find that most customers choosing to use SNMP already have an SNMP infrastructure in place. Therefore, we provide a subagent that you can install on your managed workstations, and which can point to your agent via the socket created by the agent. This applies to SafeNet USB HSM and SafeNet PCI-E HSM - for SafeNet Network HSM, the subagent is already on the appliance.
The SNMP subagent (luna-snmp) is an AgentX SNMP module that extends an existing SNMP agent with support for SafeNet HSM monitoring. It is an optional component of the SafeNet HSM client installation. The subagent has been tested against net-snmp, but should work with any SNMP agent that supports the AgentX protocol.
After selecting one or more products from the main SafeNet HSM Client installation menu, you are presented with a list of optional components, including the SNMP subagent. It is not selected by default, but can be installed with any product except the SafeNet Network HSM client installed in isolation.
1. In the installation media, go to the appropriate folder for your operating system.
2. Run the installer (install.sh for Linux and UNIX, LunaClient.msi for Windows).
3. Choose the SafeNet products that you wish to install, and include SNMP among your selections. The subagent is installed for any SafeNet product except SafeNet Network HSM in isolation.
4. Proceed to Post-installation configuration.
After the SafeNet HSM client is installed, complete the following steps to configure the SNMP subagent:
1. Copy the SafeNet MIBs from <install dir>/snmp to the main SNMP agent’s MIB directory. If you are not running SNMP from the same computer where the SafeNet Client software is installed, copy them to that other computer (your SNMP computer) instead.
2. If running on Windows, configure the subagent via the file <install dir>/snmp/luna-snmp.conf to point to the AgentX port where the main SNMP agent is listening. The file must then be copied to the same directory as snmpd.conf. (This assumes net-snmp is installed; the setup might differ if you have another agent.)
   If running on a UNIX-based platform, the subagent should work without extra configuration, assuming that the primary SNMP agent is listening on the default local socket (/var/agentx/master). You still have the option of editing and using luna-snmp.conf.
3. After configuration is complete, start the agent. Then start the subagent via the service tool applicable to your platform (for example, “service luna-snmp start” on Linux, or start SafeNet SNMP Subagent Service from the services in Windows).
Normally the agent is started first. However, the subagent periodically attempts to connect to the agent until it is successful. The defaults controlling this behavior are listed below. They can be overridden by changing the appropriate entries in luna-snmp.conf.
Option | Description | Default |
---|---|---|
agentXSocket [<transport-specifier>:]<transport-address>[,...] | Defines the address to which the subagent should connect. The default on UNIX-based systems is the Unix Domain socket "/var/agentx/master". Another common alternative is tcp:localhost:705. See the section LISTENING ADDRESSES in the snmpd man page for more information about the format of addresses (http://www.net-snmp.org/docs/man/snmpd.html). | The default, for Linux, is "/var/agentx/master". In the file, you can choose to un-comment "tcp:localhost:705", which is most commonly used with Windows. |
agentXPingInterval <NUM> | Makes the subagent try to reconnect every <NUM> seconds to the master if it ever becomes (or starts) disconnected. | 15 |
agentXTimeout <NUM> | Defines the timeout period (NUM seconds) for an AgentX request. | 1 |
agentXRetries <NUM> | Defines the number of retries for an AgentX request. | 5 |
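
The check below is an added example, not part of the SafeNet documentation or the luna-snmp package: it parses a luna-snmp.conf body, applies the defaults from the table above, and reports any agentXSocket address that is not a Unix socket or loopback endpoint, since AgentX (RFC 2741) carries no authentication of its own. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Defaults from the option table on this page (UNIX default socket).
DEFAULTS = {"agentXSocket": "/var/agentx/master", "agentXPingInterval": "15",
            "agentXTimeout": "1", "agentXRetries": "5"}
KEYS = {k.lower(): k for k in DEFAULTS}  # directive names matched case-insensitively

# Constructed sample, not a shipped luna-snmp.conf.
SAMPLE = """\
#agentXSocket tcp:localhost:705
agentXSocket tcp:192.0.2.10:705
agentXPingInterval 30
"""

def parse_conf(text):
    """Effective settings: page defaults overridden by uncommented lines."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() in KEYS:
            settings[KEYS[parts[0].lower()]] = parts[1].strip().strip('"')
    return settings

def is_local(address):
    """True for a Unix socket path or a loopback TCP/UDP endpoint."""
    address = address.strip()
    if address.startswith("/"):
        return True
    spec, sep, rest = address.partition(":")
    if spec.lower() == "unix":
        return True
    if spec.lower() in ("tcp", "udp", "tcp6", "udp6") and sep:
        address = rest
    host = address.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unrecognised form: report it rather than assume local

def audit(text):
    """Return (effective settings, findings) for a luna-snmp.conf body."""
    settings, findings = parse_conf(text), []
    for addr in settings["agentXSocket"].split(","):
        if not is_local(addr):
            findings.append(f"agentXSocket {addr.strip()}: not local or loopback")
    for key in ("agentXPingInterval", "agentXTimeout", "agentXRetries"):
        if not settings[key].isdigit():
            findings.append(f"{key} {settings[key]}: expected a whole number")
    return settings, findings
```

Run `audit()` on the contents of the luna-snmp.conf that sits beside snmpd.conf; an empty findings list means the subagent connects only over a local socket or loopback.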