Verifying an HA Group
After creating an HA group in LunaCM, you can see the group represented as a virtual slot alongside the physical slots:
lunacm (64-bit) v7.3.0-165. Copyright (c) 2018 SafeNet. All rights reserved.
Available HSMs:
Slot Id -> 0
Label -> par0
Serial Number -> 154438865287
Model -> LunaSA 7.3.0
Firmware Version -> 7.3.0
Configuration -> Luna User Partition With SO (PW) Key Export With Cloning Mode
Slot Description -> Net Token Slot
Slot Id -> 1
Label -> par1
Serial Number -> 1238700701509
Model -> LunaSA 7.3.0
Firmware Version -> 7.3.0
Configuration -> Luna User Partition With SO (PW) Key Export With Cloning Mode
Slot Description -> Net Token Slot
Slot Id -> 5
HSM Label -> myHAgroup
HSM Serial Number -> 1154438865287
HSM Model -> LunaVirtual
HSM Firmware Version -> 7.3.0
HSM Configuration -> Luna Virtual HSM (PW) Key Export With Cloning Mode
HSM Status -> N/A - HA Group
Current Slot Id: 0
The following procedure is one way to verify that your HA group is working as intended:
To verify an HA group
1.Exit LunaCM and run multitoken against the HA group slot number (slot 5 in the example) to create some objects on the HA group partitions.
./multitoken -mode <keygen_mode> -key <key_size> -nodestroy -slots <HA_virtual_slot>
c:\Program Files\SafeNet\LunaClient>multitoken -mode rsakeygen -key 4096 -nodestroy -slots 5
multitoken (64-bit) v7.3.0-165. Copyright (c) 2018 SafeNet. All rights reserved.
Initializing library...Finished Initializing
...done.
Do you wish to continue?
Enter 'y' or 'n': y
Constructing thread objects.
Logging in to tokens...
slot 0... Enter password: userpin
Serial Number 154438865287
Please wait, creating test threads.
Test threads created successfully. Press ENTER to terminate testing.
RSA key generation 4096-bit:
Using token objects.
+ keys/second | elapsed
0, 0 | total average | time (secs)
------ | ------- ---------- | ------------
0.6 | 0.6 0.599* | 5
Waiting for threads to terminate.
You can hit Enter at any time to stop the process before the partitions fill up completely. Any number of created objects will be sufficient to show that the HA group is functioning.
2.Run LunaCM and check the partition information on the two physical slots. Check the object count under "Partition Storage":
lunacm:>partition showinfo
Current Slot Id: 0
lunacm:> partition showinfo
...(clip)...
Partition Storage:
Total Storage Space: 325896
Used Storage Space: 22120
Free Storage Space: 303776
Object Count: 14Overhead: 9648
Command Result : No Error
lunacm:> slot set slot 1
Current Slot Id: 1 (Luna User Slot 7.0.1 (PW) Signing With Cloning Mode)
Command Result : No Error
lunacm:> partition showinfo
...(clip)...
Partition Storage:
Total Storage Space: 325896
Used Storage Space: 22120
Free Storage Space: 303776
Object Count: 14Overhead: 9648
Command Result : No Error
3.To remove the test objects, login to the HA virtual slot and clear the virtual partition (slot set, partition login, partition clear).
lunacm:>slot set slot <HA_virtual_slot>
lunacm:>partition login
lunacm:>partition clear
lunacm:> slot set slot 5
Current Slot Id: 5 (Virtual HSM 7.3.0 (PW) Key Export With Cloning Mode)
Command Result : No Error
lunacm:> partition login
Option -password was not supplied. It is required.
Enter the password: ********
Command Result : No Error
lunacm:> partition clear
You are about to delete all the user objects.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
14 objects were deleted.
Command Result : No Error
If you are satisfied that your HA group is working, you can begin using your application against the HA virtual slot. The virtual slot assignment will change depending on how many more application partitions are added to your client configuration. If your application invokes the HA group label, this will not matter. If you have applications that invoke the slot number, see Enabling/Disabling HA Only Mode.
