[Step 7] Create a Trusted Link and Register Client and Appliance With Each Other

 

In this section, set up a network trust link (NTL) between a LunaClient and an application partition on a SafeNet Network HSM, then register each with the other, enabling applications on the client computer to access the partition.

Note:  This feature is not currently supported for use with IPv6 networks.

Pre-requisites

Before using the "deploy" option, the following pre-requisite conditions must be in place:

On the SafeNet Network HSM side

The SafeNet Network HSM's server.pem file must be available on the appliance (use the sysconf regenCert command in lunash).

An application partition must exist on the HSM (use the partition create command in lunash - you did this in [Step 5] Create Application Partitions).

On the client side

Two files, pscp and plink (previously part of the Windows installation), are included on all platform installations to make the deploy option possible (see clientconfig deploy in the LunaCM Command Reference Guide). Those files are 32-bit applications. For Linux 64-bit platforms only, ensure that glibc.i686 is installed.

Note:  If you do not wish to install glibc.i686, you must use multi-step NTLS configuration. See [Step 7] Create a Network Trust Link Between the Client and the Appliance in the Appliance Administration Guide.

To create an NTL and allow the client access to a partition:

1. On the client computer, where lunaclient is installed, launch lunacm.

2. In lunacm, run the clientconfig deploy command:

lunacm:> clientconfig deploy -server <appliance_IP> -client <client_IP/hostname> -partition <partition_name> [-password <password>] [-user <username>]

Example

On the SafeNet Network HSM side  
[SA192201730] lunash:>hsm init -label mysa30hsm

  Please enter a password for the HSM Administrator:
  > ********
  Please re-enter password to confirm:
  > ********
  Please enter a cloning domain to use for initializing this HSM:
  > ********
  Please re-enter cloning domain to confirm:
  > ********

CAUTION:  Are you sure you wish to initialize this HSM?
          Type 'proceed' to initialize the HSM, or 'quit'
          to quit now.
          > proceed
'hsm init' successful.

Command Result : 0 (Success)
[SA192201730] lunash:>hsm login

  Please enter the HSM Administrators' password:
  > ********

'hsm login' successful.

Command Result : 0 (Success)
[SA172201730] lunash:>partition create -partition mysa30leg -label mysa30leg

On completion, you will have this number of partitions: 1

  Please enter a password for the partition:
  > ********
  Please re-enter password to confirm:
  > ********
  Please enter a cloning domain to use when creating this partition:
  > ********
  Please re-enter cloning domain to confirm:
  > ********

          Type 'proceed' to create the initialized partition, or
          'quit' to quit now.
          > proceed
'partition create' successful.

Command Result : 0 (Success)
[SA172201730] lunash:>

 

On the client side
lunacm:> clientconfig deploy -server 192.20.17.30 -client MyTestTower -partition mysa30leg -password pA_s$werd9
Please wait...

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 15:86:1d:82:d9:8f:e9:51:90:62:0d:f5:87:e5:89:a3
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) y
Using username "admin".
Last login: Thu Jun  9 20:39:09 2016 from 10.105.186.208

Luna SA 6.3.0 Command Line Shell - Copyright (c) 2001-2016 SafeNet, Inc. All rights reserved.


New server 192.20.17.30 successfully added to server list.

The following Luna SA Slots/Partitions were found:

Slot    Serial #                Label
====    ================        =====
   0      16298193222735        mysa30leg
   1      16298193222734        mysapsopar1

Command Result : No Error

lunacm:>
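
The host-key prompt in the client-side transcript above is where the client decides whether to trust the appliance, so the fingerprint it shows should be compared with one obtained over a trusted channel before answering "y". The following is an added example, not part of the original guide or of SafeNet's tooling: it recomputes the MD5 colon-hex fingerprint that plink displays from an OpenSSH-format public key and compares it with the prompt text. It assumes the appliance's SSH host public key has been obtained out of band; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# Fingerprint line as plink prints it: "<type> <bits> <16 colon-separated hex bytes>"
PROMPT_RE = re.compile(r"^(ssh-\S+) (\d+) ((?:[0-9a-f]{2}:){15}[0-9a-f]{2})\s*$", re.M)

def _ssh_string(blob, off):
    """Read one length-prefixed field (RFC 4251 string/mpint); return (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated SSH key blob")
    return blob[off + 4:end], end

def legacy_fingerprint(pubkey_line):
    """(type, modulus bits, MD5 colon-hex) for an OpenSSH-format 'ssh-rsa AAAA...' line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, off = _ssh_string(blob, 0)
    if key_type != "ssh-rsa" or name != b"ssh-rsa":
        raise ValueError("expected an ssh-rsa key")
    _exponent, off = _ssh_string(blob, off)
    modulus, _ = _ssh_string(blob, off)
    digest = hashlib.md5(blob).hexdigest()  # MD5 only because the prompt uses it
    colon_hex = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return key_type, int.from_bytes(modulus, "big").bit_length(), colon_hex

def prompt_matches(prompt_text, trusted_pubkey_line):
    """True only if the fingerprint shown in the prompt is that of the trusted key."""
    shown = PROMPT_RE.search(prompt_text)
    if shown is None:
        return False
    return (shown.group(1), int(shown.group(2)), shown.group(3)) == legacy_fingerprint(trusted_pubkey_line)

def constructed_pubkey(seed):
    """Build a CONSTRUCTED 2048-bit ssh-rsa line from a seed (sample data, not a real key)."""
    raw = b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(8))
    modulus = b"\x00" + bytes([raw[0] | 0x80]) + raw[1:]  # mpint: leading 0 keeps it positive
    fields = (b"ssh-rsa", b"\x01\x00\x01", modulus)
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed-sample"

if __name__ == "__main__":
    trusted = constructed_pubkey(b"appliance")  # stands in for the key obtained out of band
    prompt = "The server's rsa2 key fingerprint is:\n%s %d %s\n" % legacy_fingerprint(trusted)
    print("genuine appliance:", prompt_matches(prompt, trusted))
    print("different key:    ", prompt_matches(prompt, constructed_pubkey(b"other")))
```

Answer "y" at the prompt only when the comparison succeeds; a mismatch means the host that answered is not presenting the key you expected.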

 
