Create Application Partitions
When you have initialized and configured the HSM, you are ready to create and configure application partitions, as described in this chapter.
SafeNet Luna PCIe HSMs have two types of partition spaces:
> HSM administrative partition - where HSM-wide policies are set and changed, application partitions are created/destroyed, HSM firmware and capabilities are updated, etc.
> Application partition - where cryptographic operations are performed by your applications
The high-level steps to go from a new or factory-reset HSM to a configured application partition, ready for keys, objects, and cryptographic operations, are summarized below. Normally, each set of actions is performed by a different person with different responsibilities.
For Multiple HSMs - As the HSM Security Officer (SO)
1. Set the active slot to the HSM's administrative partition (if you have more than one HSM slot on your host).
2. Initialize the HSM; this initializes the HSM SO role and the cloning domain for the HSM's administrative partition (see HSM Initialization).
3. Log into the administrative partition as HSM SO.
4. Create the empty application partition.
Partition Security Officer (PO)
1. Set the active slot to the newly created application partition.
2. Initialize the partition; this initializes the Partition SO role and the cloning domain for the partition.
3. Log into the application partition as Partition SO.
4. Initialize the Crypto Officer role.
5. Log out.
Partition Crypto Officer (CO)
1. Set the active slot to the initialized application partition.
2. Log into the application partition as Crypto Officer.
3. [Optional] Initialize the Crypto User role.
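The role sequence above as a LunaCM session, added here as an illustration and not taken from the original page. It assumes LunaCM's `slot`, `hsm`, `partition` and `role` commands, which the page itself does not list; `<admin_slot>`, `<app_slot>` and the labels are placeholders, lines starting with `#` are annotations rather than input, and the credential, cloning domain and PED prompts are omitted.

```text
# --- HSM Security Officer (SO) ---
# Find the slot of the HSM's administrative partition, then select it.
lunacm:> slot list
lunacm:> slot set -slot <admin_slot>
# Initializes the HSM SO role and the admin partition's cloning domain.
lunacm:> hsm init -label <hsm_label>
lunacm:> role login -name so
# Creates the empty application partition; it has no roles yet.
lunacm:> partition create

# --- Partition Security Officer (PO) ---
# The new partition appears as its own slot.
lunacm:> slot list
lunacm:> slot set -slot <app_slot>
# Initializes the Partition SO role and the partition's cloning domain.
lunacm:> partition init -label <partition_label>
lunacm:> role login -name po
# The PO sets the initial Crypto Officer credential, then hands over.
lunacm:> role init -name co
lunacm:> role logout

# --- Crypto Officer (CO) ---
lunacm:> slot set -slot <app_slot>
lunacm:> role login -name co
# Optional: create the Crypto User role.
lunacm:> role init -name cu
```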
Next Steps
NOTE: Before you begin configuring and initializing a PED-authenticated SafeNet Luna PCIe HSM, we recommend that you familiarize yourself with the PED by reviewing PED Authentication.
> For PED-authenticated SafeNet Luna PCIe HSM, the first step is to initialize the partition; see HSM SO Creates PED-Authenticated Partition, Local to Client.
> For Password-authenticated SafeNet Luna PCIe HSM, the first step is to initialize the partition; see HSM SO Creates Password-Authenticated Partition, Local to Client.