Home > |
---|
The two power supplies in the SafeNet Network HSM appliance are hot-swap capable, meaning that one is sufficient to power the appliance while the other is removed and replaced, with no service interruption. The indicator light (LED) on each power supply shows different behavior, depending upon the situation and the condition of each PS.
Power Supply Condition | Power Supply LED |
---|---|
DC present/only standby output on |
Flashing green (1Hz) |
Power supply DC output ON and OK |
Steady green |
Power supply failure |
Steady RED |
Power supply warning |
Flashing Blue/Red (1Hz) alternating |
Input power failure (only in n+1 configuration) |
Flashing Red (1Hz) |
A power supply controller in the appliance monitors the state of the power supplies. It ensures that a failed power supply still gets sufficient direct current from the remaining power supply to light the indicator LED. The controller also sounds an audible alarm when there is a problem, such as one power supply not being connected to AC main power.
If only one power supply is present, the audible alarm is silent. If you wish to operate your SafeNet Network HSM appliance with only one power supply, we recommend that you remove the second supply to silence the audible alarm.
You may need to replace a power supply in the event of a failure.
1.To remove a power supply, face the back of the appliance.
2.Disconnect/unplug the selected power supply.
3.Press the lever sideways to release the power supply retaining catch, and simultaneously pull the handle out toward you.
Withdraw the power supply completely, using your other hand to support the body of the power supply as it emerges.
1.To replace a power supply, reverse the steps above. Press firmly to seat the connector. The power supply can be fully inserted only in its proper orientation.
2.Connect an AC power cord.
In normal operation, the fans should require no maintenance.
You might need to perform the following tasks:
•clean the filter (occasionally)
•replace a defective fan (rarely)
Here is a normal front-view of the SafeNet Network HSM appliance .
The decorative front bezel is attached to the appliance by spring clips. It is not needed for appliance operation, meaning that you can remove the bezel while the appliance is operating, with no ill effect. However, if the appliance can be switched off (not currently in production/service), then the filter can be removed and cleaned more easily - less chance of knocking dirt into the airflow while handling the filter.
1. First disconnect any cables that are connected to front-panel connectors (serial terminal, SafeNet PED, USB devices), then grasp the bezel near each end, and tug sharply toward you, while tipping it slightly downward. The bezel should come loose in your hands. Put it aside.
2.The ventilation grille, located to the right, on the appliance front panel, is secured in two parts, by two screws - a knurled, captive thumb-screw, and a Torx T8 screw. The knurled screw can be fastened or released without tools. It secures the lattice screen that in turn retains the mesh air filter.
While we recommend controlled-atmosphere environments for greatest longevity and reliability of the equipment, we recognize that some environments might include some dust in the air. The mesh filter traps larger particulate matter before it can be drawn into the interior of the appliance. In less-than-perfect non-clean-room conditions, the mesh might accumulate a buildup of dust, and should be cleaned occasionally for best cooling airflow into the equipment.
1.Twist the knurled knob counter-clockwise until it no longer secures the airflow lattice. The lattice is anchored at its left end by two tabs, and can be easily pulled off the appliance, once the knurled retaining screw is loosened. Do so.
2.With the air filter exposed, it is easy to grasp the mesh with fingers and tug it free. The mesh is flexible and is held in its cavity only by friction. If it is dusty, handle carefully so as not to dislodge any dirt that could then be sucked in by the fans.
3.To clean the filter, either blow it out with compressed air (away from the vicinity of the appliance), or rinse with water. If using water, ensure that the mesh is dry before reinstalling.
4.To reinstall the mesh, place it in its cavity in front of the fans, and use fingers or a blunt tool to tuck-in the corners.
5.Then, replace the lattice in front of the mesh by inserting the tabs first, then swinging the lattice closed like a door, and securing with the knurled screw.
The three fan modules (each containing two in-line fans) provide cooling redundancy. If one fan or module fails, it is detected by sensors. View a summary of appliance sensor conditions by running the lunash command "status sensors". In the FAN section of the command output, the fans are listed in the order that they appear, left-to-right, as viewed from the front of the appliance. The example shows a fault with the first fan module.
----------- Front Cooling Fans Status --------------
FAN1A lnr 0 RPM Unplugged or Failed
FAN1B lnr 0 RPM Unplugged or Failed
FAN2A OK 3000 RPM
FAN2B OK 2900 RPM
FAN3A OK 2900 RPM
FAN3B OK 3000 RPM
CAUTION: Opening the fan bay causes a system tamper event
We recommend that you use scheduled system maintenance downtime for this activity, as it will temporarily disrupt your client's access to your HSM partitions.
If the system detects a tamper event, the HSM stops responding until you reboot (sysconf appliance reboot), or until you use the Stop/Start switch on the appliance rear panel.
When the system returns from restarting, one of two scenarios applies, depending on your authentication method:
If your HSM is password authenticated, or if your HSM is PED authenticated but it does not have "Store MTK Split Externally" set to True, then the HSM returns to find both splits of the MTK available and it immediately reconstitutes the MTK, allowing you to resume operations.
Note: Partition authentication data is de-cached by the tamper - you must "partition activate -partition <name-of-partition>" each of your HSM partitions before your clients can resume accessing them. That is, partition activation does not survive a tamper event.
If your HSM is PED authenticated, and it does have "Store MTK Split Externally" set to True, then the HSM returns to find only one of the splits of the MTK available and it uses the PED to demand the other MTK split (the SRK) from your purple PED Key. When that is presented, the HSM reconstitutes the MTK, allowing you to resume operations.
Note: Partition authentication data is de-cached by the tamper - you must "partition activate -partition <name-of-partition>" each of your HSM partitions before your clients can resume accessing them. That is, partition activation does not survive a tamper event. In either case, you can examine the hsm.log for tamper events: syslog tail -logname hsm -search tamper -entries 200
Note: Accessing the air filter mesh in front of the fans (using the thumbscrew to open the retaining grille) does not cause a tamper.
1.To open the fan bay, use a Torx number 8 screwdriver to remove the screw that secures the right-side tab of the fan retainer.
2.The fan retainer is anchored at its left by two tabs - swing the retainer out like a door, and remove it. There is no need to separate the filter mesh and its retainer from the larger fan retainer; the assembly can come out as one piece. The illustration below happens to show them separated.
3.The fan modules are now exposed and are held in place only by the friction of their electrical connectors.
4.Grasp the handle of the selected fan module and pull straight out toward you.
5.After slight initial resistance, the fan module should easily slide free of the appliance.
6.To replace the fan module or install a new one, reverse the above sequence.
The index peg on the back of the module, and the matching index hole at the back of the fan bay, ensure that the module can be inserted only in its proper orientation.
7.Close up, replace the bezel, reconnect any cables, and return the appliance to service. If the power was left on during the operation, you will nevertheless need to restart (sysconf appliance reboot) in order to clear the tamper event caused by opening the fan bay.
8.You will also need to re-Activate your HSM Partitions (partition activate -partition <name-of-partition>), so that they once more become available to your registered clients.
Removing, cleaning, and replacing the fan filter (the black mesh behind the grille) does not cause a tamper, and can be done at any time without disrupting your Clients.
Opening the fan bay (behind the filter), by unscrewing that Torx screw, does cause a tamper and therefore some down-time for your Clients. If only one fan module is showing a defect, you can probably leave replacing it until scheduled down-time, during which there would be no unexpected disruption to your Clients.
If you prefer these instructions illustrated by photographs, Hardware Maintenance.