Recommended Network Characteristics

Determine whether your network is configured optimally for use of SafeNet appliances.

NOTE   Always employ network security best practices. Place the SafeNet Luna Network HSM behind a firewall.

Bandwidth and Latency Recommendation

Bandwidth

>Minimum supported: 10 MB half duplex

>Recommended: at least 100 MB full duplex - full Gigabit Ethernet is supported

NOTE   Ensure that your network switch is set to AUTO negotiation, as the SafeNet appliance negotiates at AUTO. If it is not, there is a risk that the switch and the SafeNet appliance will settle on a much slower speed than is actually possible in your network conditions.  

Network Latency

>Maximum supported: 500ms

>Recommended: 0.5ms

Latency and Testing Troubleshooting

SafeNet appliance client-server communication uses timeouts less than 30 seconds to determine failure scenarios. Thus the appliance does not tolerate network configurations or conditions that introduce a greater delay - problems can result, especially with High Availability configurations.

When you disconnect the network cable between any SafeNet appliance and a switch, and then reconnect, traffic should resume immediately, but with certain network switch configurations it might take 30 seconds for traffic to resume. The problem here is at the switch (not the SafeNet appliance). 

If the switch is configured to run the Spanning Tree Protocol on the port, then there is a delay of about 30 seconds while it runs through a series of discovery commands and waits for responses. The switches can be configured to run in “PortFast” mode in which the Spanning Tree Protocol still runs on the port, but the port is placed directly into 'forwarding mode' and starts the traffic flowing immediately.

With the switch introducing a connection detection delay of 30 seconds or greater, transient network failures lasting only seconds are no longer tolerated. A simple test is to set up a ping stream and then disconnect and reconnect the network cable. The ping traffic should resume after a 1 or 2 second delay. A greater delay indicates that a switch in the network is not detecting the reconnection as quickly as is optimal. See the recommendations for network Bandwidth and Latency.


Customer Support Portal

SafeNet Luna Network HSM 7.2 Product Documentation  13 December 2019  Copyright 2001-2019 Thales. All rights reserved.