Opening a Remote PED Connection

If you encounter issues, see Remote PED Troubleshooting.

The HSM/client administrator can use this procedure to establish an HSM-initiated Remote PED connection. You require:

>Administrative access to a network-connected workstation with PEDserver installed and Luna PED connected (see Installing PEDserver and Setting Up the Remote Luna PED)

>Orange PED key with the HSM's RPV (see Initializing the Remote PED Vector (RPV) and Creating the Orange PED Key)

>Administrative access to the SafeNet Luna PCIe HSM host via SSH

To open a Remote PED connection:

1.Open an Administrator command prompt by right-clicking the Command Prompt icon and selecting Run as administrator. This step is not necessary if you are running Windows Server 20xx, as the Administrator prompt is launched by default.

2.Navigate to the SafeNet Luna HSM Client install directory.

>cd C:\Program Files\SafeNet\LunaClient\

3.Launch PEDserver. See pedserver for all available options. If you are launching PEDserver on an IPv6 network, you must include the -ip option.

>pedserver mode start [-ip <PEDserver_IP>]

C:\Program Files\SafeNet\LunaClient>pedserver mode start
Ped Server Version 1.0.6 (10006)
Ped Server launched in startup mode.
Starting background process
Background process started
Ped Server Process created, exiting this process.
 

4.Verify that the service has launched successfully.

>pedserver mode show

Note the Ped2 Connection Status. If it says Connected, PEDserver is able to communicate with the Luna PED.

Note also the server port number (default: 1503). You must specify this port along with the PEDserver host IP when you open a connection.

c:\Program Files\SafeNet\LunaClient>pedserver mode show
Ped Server Version 1.0.6 (10006)
Ped Server launched in status mode.
 
   Server Information:
      Hostname:                           DWG9999
      IP:                                 0.0.0.0
      Firmware Version:                   2.7.1-5
      PedII Protocol Version:             1.0.1-0
      Software Version:                   1.0.6 (10006)
 
      Ped2 Connection Status:             Connected
      Ped2 RPK Count                      0
      Ped2 RPK Serial Numbers             (none)
 
   Client Information:                    Not Available
 
   Operating Information:
      Server Port:                        1503
      External Server Interface:          Yes
      Admin Port:                         1502
      External Admin Interface:           No
 
      Server Up Time:                     190 (secs)
      Server Idle Time:                   0 (secs) (0%)
      Idle Timeout Value:                 1800 (secs)
 
      Current Connection Time:            0 (secs)
      Current Connection Idle Time:       0 (secs)
      Current Connection Total Idle Time: 0 (secs) (100%)
      Total Connection Time:              0 (secs)
      Total Connection Idle Time:         0 (secs) (100%)
 
Show command passed.
 

5.Use ipconfig to determine the PEDserver host IP. A static IP is recommended, but if you are connecting over a VPN, you may need to determine the current IP each time you connect to the VPN server.

>ipconfig

6.Via SSH, launch LunaCM on the SafeNet Luna PCIe HSM host.

7.Initiate the Remote PED connection.

lunacm:>ped connect -ip <PEDserver_IP> -port <PEDserver_port> -slot <slot>

NOTE   The -slot option may be required if you have multiple SafeNet Luna PCIe HSMs installed in one server. If you do not include this option, the currently-active slot is used.

lunacm:>ped connect -ip 192.124.106.100 -port 1503
 
Command Result : No Error
 

8.Issue the first command that requires authentication.

If the HSM is already initialized and you have the blue HSM SO key, log in.

lunacm:>role login -name so

If the HSM is uninitialized, you can initialize it now. Have blank or reusable blue and red PED keys ready (or multiple blue and red keys for M of N or multiple copies). See Creating PED Keys for more information on creating PED keys.

lunacm:>hsm init -label <label>

9.The Luna PED prompts for an orange PED key. Present the orange PED key with the correct RPK.

10.The Luna PED prompts for the key associated with the command you issued. Follow the on-screen directions to complete the authentication process.

NOTE   The Remote PED connection eventually times out (default: 1800 seconds), and must be re-initiated each time authentication is required. To simplify this process, you can set a default IP address and/or port for LunaCM to use each time you connect. To drop the Remote PED connection manually, see Ending or Switching the Remote PED Connection.

11.[OPTIONAL] Set a default IP address and/or port for the SafeNet Luna PCIe HSM to look for a Remote PED host with PEDserver running.

lunacm:>ped set -ip <PEDserver_IP> -port <PEDserver_port>

lunacm:>ped set -ip 192.124.106.100 -port 1503
 
Command Result : 0 (Success)
 

With this default address set, the HSM administrator can use ped connect to initiate the Remote PED connection. The orange PED key may be required if the RPK has been invalidated since you last used it.