Adjusting Default Partition Parameters
This is supplementary information. You can create and use HSM partitions, using default parameters, without ever referring to this page. However, if you wish to adjust and control the size of your partitions, the information on this page might be helpful.
For command syntax, see partition create in the LunaSH Command Reference Guide.
The procedure for creating partitions is described in the Configuration Guide.
Use hsm show to see:
>Total HSM storage
>Current memory usage
>Current number of partitions
>Maximum number of partitions allowed
Use partition list to see:
>All current application partitions
>Total storage allotted to each
>Total used and available storage on each partition
Size of Partitions
The maximum number of partitions depends on the model of SafeNet Luna Network HSM you purchased. Your HSM can be upgraded with additional partition licenses if your desired configuration calls for them. By default, each partition is assigned an equal share of the total HSM memory. For example, if you purchased a SafeNet Luna Network HSM with 16MB of memory and 10 partition licenses, each partition would have a default size of 1.6 MB. The basic allotment ensures that you can create all licensed partitions, each with enough space to hold at least one RSA key pair.
NOTE Each partition requires approximately 9KB of memory to store security and identity information. Take this into account when creating very small specialized partitions (for example, a partition containing a single key pair for signing and verification).
Creating Custom-Sized Partitions
To specify the amount of memory allotted to a new partition, use partition create, including the -size option and the desired size in bytes:
lunash:> partition create -par mypartition -size 100000
To create a partition that uses all available remaining memory, include the -allfreestorage option:
lunash:> partition create -par mypartition -allfreestorage
Resizing Partitions
CAUTION! If you intend to resize partitions, be sure to backup the contents of your HSM first. If a partition is at or near capacity, it might be necessary to remove some objects before resizing. You may need to restore the partition from backup after it has been resized.
To specify the amount of memory allotted to an existing partition, use partition resize, including the -size option and the desired size in bytes:
lunash:> partition resize -par mypartition -size 50000
You must specify either the -size or -allfreestorage option when resizing a partition. You can reduce the size of a partition as long as the desired size is not less than the memory currently in use.
Example with four equal partitions using all storage
If you prefer to have all your partitions sized equally, and to let the HSM do the calculations, the following procedure might be of some value.
To create four equal-size partitions, using all the available storage:
1.Start by creating 20 partitions (the maximum allowed) – each will have X bytes available to it.
2.Delete 4 of them (leaving 16).
3.Resize one partition to use -allfreestorage, which makes that partition large (as large as five small partitions - the four partitions you just deleted, freeing their allotment, plus the one you are currently resizing) and leaves the HSM with 15 partitions having X bytes each, plus the large one.
4.Delete another four small partitions.
5.Resize one small partition to use -allfreestorage, which makes that partition large (there are now two large partitions) and leaves the HSM with 10 partitions having X bytes each, plus the two large ones.
6.Delete another four small partitions.
7.Resize one small partition to use -allfreestorage, which makes that partition large (there are now three large partitions) and leaves the HSM with 5 partitions having X bytes each, plus the three large ones.
8.Delete another four small partitions.
9.Resize the single remaining small partition to use -allfreestorage, which makes that partition large and leaves 0 (zero) of the original partitions with X bytes each, and the four large partitions of equal size, and no unallocated space on the HSM.
For the example, we chose conveniently round numbers. You might have a few bytes left over, or one partition slightly larger or smaller than the others, depending on the actual configuration of your HSM.