|
Home > |
|---|
Set the remote PED connection (rped) or PED key interaction (pedk) timeout values:
•rped - is the connection inactivity timeout. The default is 1800 seconds (30 minutes). While we do not anticipate any great security risk from having a Remote PED connection left open and unused for long periods, we do suggest that having sessions open indefinitely might be an invitation, so set the rped value as long as you realistically need, but not more.
•pedk - is for PED Key activities in particular. The default is 100 seconds. It might be useful to increase that timeout if you are initializing your HSM with large values for MofN on some-or-all PED Keys. We have tested initializations with all secrets set to the maximum Mof N, equal to 16 of 16, and a pedk value of 900 seconds (15 minutes) was adequate to complete the necessary interactions. If you are not using MofN, then leave 'pedk' at its default value.
•pedo - is for SFF remote backup due to the duration of the initialization operation.
After rped expires, you must re-establish the Remote PED link with hsm ped disconnect and hsm ped connect before issuing any HSM or application partition commands that require PED interaction. We recommend running disconnect before reconnecting because, although the link normally disconnects cleanly upon timeout, it can happen that the link is left in an indeterminate state, and a disconnect before a connect corrects that.
hsm ped timeout set -type <type> -seconds <seconds>
| Parameter | Shortcut | Description |
|---|---|---|
| -seconds | -s |
Specifies the timeout value, in seconds, for the specified type. Range: 1 to 99999 Defaults: 1800 (rped), 200 (pedk), 820 (pedo) |
| -type | -t |
Specifies the timeout type. Valid values: •rped - set the remote PED connection inactivity timeout. •pedk - set the PED key timeout. •pedo - set the entire PED operation timeout. |
lunash:>hsm ped timeout set -type rped -seconds 2000
Set the timeout value to 2000 seconds.
Command Result : 0 (Success)