Installing and Configuring a SafeNet Remote PED
The standard SafeNet PED is intended to connect directly to the HSM, and receives its power, as well as instructions and data, via that connection. The Remote PED can act as a local PED, when needed, and connects as described above. When used in Remote PED mode, the SafeNet PED 2 connects to a computer via USB, and therefore requires some additional hardware.
A Remote PED can be distinguished from a local PED by:
• an orange label PED Remote to the right of the SafeNet logo
• availability of menu item [7] Remote PED from the PED's main menu.
The following items are included with your Remote PED. All are required for a successful installation.
Quantity | Item |
---|---|
1 | SafeNet PED 2 (Remote PED Capable and with firmware 2.4.0-3 or greater) |
1 | SafeNet PED Power Supply kit with replaceable mains plug modules for international use (required when the PED is operated in Remote PED mode) |
1 | Cable, USB 2.0, Type A to Mini B connectors (for Remote PED operation) |
1 | Cable, Data, 9-pin, Micro-D to Micro-D connectors (for local PED operation) |
1 | Ten-pack of iKey 1000 PED Keys, and sheets of peel-and-stick labels |
The Remote-Capable PED can be used either locally, connected directly to a SafeNet HSM (exactly as for the standard PED), or remotely when connected to a suitable workstation and the electrical main power supply.
The normal local use of a PED with Remote PED capability is to use it in local mode to prepare an HSM. This is done by imprinting an RPV (remote PED vector) onto the HSM and also onto an RPK (the orange Remote PED Key) before shipping the HSM to its remote location. Then the PED can be switched to Remote PED mode, to serve any HSM that has an appropriate RPV.
Step | Action |
---|---|
1 | Local OPERATION [Ongoing] To use your HSM appliance and PED for local operation only, refer to the instructions in the Configuration Guide and the HSM Administration Guide. |
2 | Local OPERATION [Preparing for Remote Use] To prepare an HSM for Remote PED operation, it needs a minimum of preparation as described in this section, below. |
3 | [Preliminary] From the software media (DVD or downloaded, un-tarred archive file), install the SafeNet HSM Client software, ensuring that the Remote PED option is selected, on the Windows computer that will act as the PED server for your remotely located SafeNet HSM, and let the Windows “Found New Hardware” dialog install it. The PedServer.exe and PedClient.exe applications are installed in the SafeNet HSM Client folder along with any other SafeNet tools. |
4 | [Preliminary] For SafeNet Network HSM, configure your HSM appliance for your network. Refer to the relevant Configuration Guide sections. Imprint the HSM with a Remote PED Key (orange); see below. Once the HSM is associated with an orange PED Key, all further configuration and administration can be performed remotely. |
5 | To use the PED locally (for the first orange PED Key imprint), connect the PED directly to the PED port of the HSM that you will later be using remotely. |
6 | On power-up, the PED defaults to local mode. Follow the instructions in the SafeNet HSM documentation to: • [for SafeNet Network HSM only] log in as “admin” to the appliance (SSH session or local serial connection) • [for SafeNet Network HSM] issue the LunaSH command hsm ped vector init, or • bring the imprinted (orange) Remote PED Key to your workstation, along with a Remote-capable PED • the HSM can now be shipped to its remote locale. You can perform other maintenance at this time, if convenient, but only the foregoing steps were required to be done locally - all future configuration and administration can be performed remotely. |
Once an HSM has been imprinted with a Remote PED Key (RPK) vector, you can begin administering remotely, while also authenticating remotely from any workstation that has PEDServer software and driver, a remote-capable PED, and an orange PED Key with the correct RPK (that you just imprinted in the previous steps).
Step | Action |
---|---|
1 | REMOTE OPERATION Perform the following steps to begin using your computer as a PED Server Workstation, connecting remotely to the distant HSM appliance. |
2 | [Prepare the PED Power Supply] On the PED power supply, slide the release catch as shown by the heavy arrow, and lift the pin protector (thinner arrow) from the power supply. |
3 | Choose a plug style that is appropriate for your country and place it in the power supply, top end first, then snap the bottom end in the direction indicated by the arrow. |
4 | For Remote PED operation: • connect the power supply to the AC mains, • connect the DC power plug of the power supply to the DC power receptacle on the top of the PED, • connect the USB cable between the USB micro connector on the PED and a USB socket on your computer. |
5 | At the workstation-connected PED: • press [ < ] on the PED keypad to exit Local mode, • press [ 7 ] to enter Remote PED mode. |
6 | In a command-prompt window on the workstation, start the PEDserver program in its listening mode: c:\<yourRemotePED-dir>\pedserver -m start |
7 | Run the command pedserver -m show to verify that the PED is detected and the system is ready for remote connection. |
8 | Start the PED Client - the Remote PED enabling process on the HSM host (for example): The Remote PED Client in the HSM appliance connects with the listening PEDserver (your workstation). |
9 | Perform an hsm login or role login -name SO (as appropriate). The PED prompts first for the Remote PED Key. Insert the imprinted Remote PED Key associated with the connecting HSM appliance, and press [Enter]. |
10 | Begin using and administering the remotely located SafeNet HSM appliance via ssh session, and providing PED Key authentication via the workstation-connected Remote PED, whenever requested. Review the SafeNet Network HSM Help for information about timeouts with respect to Remote PED. |
Note: Remote PED is served from a host computer running LunaClient PEDServer software. A Remote PED session is called by an instance of PEDClient running on the computer hosting the SafeNet HSM. In some cases, such as SafeNet Network HSMs behind strict firewalls, the HSM host is not allowed to initiate the connection. In that case, you can initiate a Remote PED session from the PEDServer side, provided that the computer hosting the PED has obtained and registered the SafeNet Network HSM's server.pem certificate.