Timeouts

Your network connections will timeout after a period of inactivity, as described below.

SSH Timeout

SSH connections to the appliance are cleaned up and torn down when no network activity has been detected for 15 seconds. This timeout is not configurable. If your session times out, you must open a new SSH session.

NTLS Timeout

As a general rule, do not adjust timeout settings (either via the interface or in config files) unless instructed to do so by Thales Technical Support.

Changing some settings can appear to improve performance until a situation is encountered where a process does not have time to complete due to a shortened timeout value.

Making timeouts too long will usually not cause errors, but can cause apparent performance degradation in some situations (HA).

Default settings have been chosen with some care, and should not be modified without good reason and full knowledge of the consequences.

CAUTION!   Never insert TAB characters into the chrystoki.ini (Windows) or crystoki.conf (UNIX) file.

Network Receive Timeout

One timeout value that might require change is the ReceiveTimeout value in the "LunaSA Client" section of the configuration file. This timeout value is the period that the SafeNet Luna Network HSM client will wait for a response from the SafeNet Luna Network HSM before determining that the appliance is off-line. The default value of 20 seconds provides a worst-case scenario over a larger WAN, but may be inappropriate for some SafeNet Luna Network HSM deployments (such as SafeNet Luna HSMs in an HA configuration) where a quicker determination of the health of the SafeNet Luna Network HSM system is required. This value can be set in the SafeNet Luna Network HSM configuration file as follows:

Windows (crystoki.ini)

[LunaSA Client]
:
  ReceiveTimeout=<value in milliseconds> //default is 20000 milliseconds
:

UNIX (etc/Chrystoki.conf)

LunaSA Client = {
:
  ReceiveTimeout=<value in milliseconds>;
:
}