Appliance Administration
There are several ways to access your SafeNet Luna PCIe HSM appliance to perform administrative operations, depending on what works best for you and your organization. They include:
>LunaSH command line interface: a standard command line that can be accessed by using any SSH-capable utility.
>SafeNet REST API: a secure web application that you can install on a SafeNet Luna Network HSM to perform some of the functions provided by LunaSH via scriptable REST APIs.
>SafeNet Crypto Command Center: a web-based application that provides separate administrative and application owner interfaces to manage your HSM.
The LunaSH command line interface is the standard secure interface with which you can perform operations on your HSM. It creates a secure administration channel for administrative sessions only. The REST API is specifically tailored for the management of your appliance, and does not allow applications to perform cryptographic operations. Crypto Command Center is a highly usable web-based application that facilitates rapid service provisioning and employment. Each of these administrative interfaces allows you to efficiently manage your appliance in different ways.
For detailed instructions on using the LunaSH command line, see the Administration Guide. For the REST API and Crypto Command Center applications, refer to their corresponding documentation.
Appliance Management
The SafeNet Luna PCIe HSM appliance comes equipped with features that prevent attackers from stealing your proprietary information. Some of these features need to be maintained for maximum protection, and doing so is simple and efficient.
Physical Maintenance
Physical maintenance, such as replacing power supplies and fans, does not require you to turn off your HSM. This allows you to continue working, and return to the appliance as you left it once you finish maintenance.
Appliance Roles and Users
Appliance roles, users, and time are configured independently from the HSM(s) inside the appliance. This separation of duties helps keep the environment secure and makes it easy to delegate responsibilities to personnel as you wish.
When you log in to the SafeNet appliance via LunaSH, the accepted IDs are admin, which requires the admin password; operator, which requires the operator password; and monitor, which requires the monitor password.
As the appliance admin, you can connect and log in locally, via a serial terminal, or remotely via SSH. With no further authentication, admin can perform general, appliance-level administration (not accessing the HSM), and can run view/list/show/display commands on the HSM that do not make changes. Admin sees the full available command set, while operator- and monitor-level users see only subsets that allow them use of, or read-only access to, the appliance, respectively. Additional, custom user roles can also be created to restrict user access to specific commands and operations.
Appliance Authentication
If any administrative user attempts an HSM command that needs authentication, the interface prompts for that authentication.
On PED-authenticated systems, you are directed to the PED, which prompts for PED keys and keypad actions.
The way you manage and configure your appliance is flexible, adapting to your needs.