Home > |
---|
Following the instructions in the previous sections, you have already:
•registered and assigned a Client to a SafeNet Network HSM Partition.
All that is required for a Client application to begin using a SafeNet Network HSM Partition (to which the Client has been assigned) is the standard handshake sequence:
•the client establishes a Network Trust Link connection with the SafeNet Network HSM (port 1792)
•the client requests a list of available Partitions (if not already known)
• SafeNet Network HSM responds with a list of only those Partitions to which the requesting Client has been assigned
•the client chooses a Partition from the available, assigned Partitions
• SafeNet Network HSM demands the password for the selected Partition
•the Client (which may also be called Crypto User if you are using the Crypto Officer / Crypto User authentication and access model ) provides the appropriate password
• SafeNet Network HSM grants access, and the Client application begins using the Partition.
Your application should be capable of performing the above actions.
If your Client application is having difficulty using SafeNet Network HSM
for Client tasks, and if you have already verified the connection and
the configuration (using multitoken and CMU utilities - see Multitoken or see About the CMU Functions ), then there may
be a problem with the configuration of your Client application. Try the
following suggestions before calling for support.
If your SafeNet Network HSM is a Password Authentication model, then you should look to your application setup for the source of the problem. It might require special configuration to use a Hardware Security Module (HSM). Or, if SafeNet Network HSM has replaced another HSM product (including a SafeNet product) you will need to modify the application to recognize the new device.
Note: Refer to the SDK Reference Guide and to the application integration documents provided by SafeNet Technical Support for information and advice on integrating many popular applications and services with SafeNet Network HSM.
However, if your SafeNet Network HSM is a PED Authenticated model, then be aware that having the Client application present the Partition Password is not sufficient to access the HSM Partition. The HSM Partition must also be in a special login state called activation (see ), meaning that the Partition Owner (or Crypto Officer) must have logged in (with the correct black Partition Owner (or Crypto Officer) PED Key), and not logged out again before your application tried to connect. To ensure that the HSM Partition is always in the desired state, we recommend that you autoActivate ( see About Activation and Auto-Activation ) the Partition, so that it can accept Client authentication and access at any time without human intervention at the SafeNet Network HSM appliance.
If you wish minute-by-minute control of a client's ability to access the HSM, without need for human presence at the appliance location, you could use the Remote PED feature ( see About Remote PED ).