Establishing and Configuring the STC Admin Channel on a SafeNet Luna Network HSM Appliance

STC allows you to protect all communications to the HSM, including those that originate on the SafeNet Luna Network HSM appliance, by enabling the STC admin channel. The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition. The STC admin channel link is configured separately from the client-partition links, and can be enabled or disabled as required. The following instructions are for the HSM SO.

NOTE   Enabling the STC admin channel forces all client-partition links (NTLS or STC) to use STC on the portion of the link from the appliance to the HSM. This may affect NTLS link performance.

Enabling the STC Admin Channel on a SafeNet Luna Network HSM Appliance

When enabled, all communications from the appliance operating system to the HSM are transmitted over the STC admin channel.

CAUTION!   Enabling the STC admin channel is service-affecting. It causes an STC service restart, which temporarily terminates all existing STC links to the appliance. It also terminates the existing HSM login session.

To enable the STC admin channel on a SafeNet Luna Network HSM appliance:

1. Open a LunaSH session on the appliance and log in as the HSM SO.

lunash:>hsm login

2. Enable the STC admin channel:

lunash:>hsm stc enable

lunash:>hsm stc enable
 
    Enabling local STC will require a restart of STC service.
    Any existing STC connections will be terminated.
 
    Type 'proceed' to enable STC on the admin channel, or 'quit' 
    to quit now. > proceed
 
Successfully enabled STC on the admin channel.
 
Command Result : 0 (Success)

Disabling the STC Admin Channel on a SafeNet Luna Network HSM Appliance

When disabled, all communications from the appliance operating system to the HSM are transmitted, unencrypted, over the local bus.

NOTE   Disabling the STC admin channel is service-affecting. It causes an STC service restart, which temporarily terminates all existing STC links to the appliance. It also terminates the existing HSM login session.

To disable the STC admin channel on a SafeNet Luna Network HSM appliance:

1. Open a LunaSH session on the appliance and log in as the HSM SO.

lunash:>hsm login

2. Disable the STC admin channel:

lunash:>hsm stc disable

lunash:>hsm stc disable
 
    Disabling STC on the admin channel will require a restart of STC service.
    Any existing STC connections will be terminated.
 
    Type 'proceed' to disable STC on the admin channel, or 'quit' 
    to quit now. > proceed
 
Successfully disabled STC on the admin channel.
 
Command Result : 0 (Success)

Configuring the STC Admin Channel on a SafeNet Luna Network HSM Appliance

STC provides several configurable options that define the network settings for an STC link and the security settings for the messages transmitted over the link. The default values provide the optimal balance between security and performance, but you can override them if desired. See Configuring the Network and Security Settings for an STC Link for more information.