SNMP Operation and Limitations with SafeNet Luna Network HSM
This page applies only to SafeNet Luna Network HSM which, as a closed system, has its own agent. This contrasts with other SafeNet Luna HSMs that are installed inside a host computer, or USB-connected to a host, and therefore require you to provide an SNMP agent and configure it for use with our subagent.
Various LunaSH commands govern the setup and use of SNMP with the SafeNet appliance. You provide your own SNMP application – a standard, open-source tool like net-snmp, or a commercial offering, or one that you develop yourself – and use the commands described below (and on the following pages) to enable and adjust the SNMP agent on-board the SafeNet appliance.
SNMP-Related Commands
Please refer to the LunaSH Appliance Commands in the Reference Section of this Help for syntax and usage descriptions of the following:
>The sysconf snmp command has subcommands enable, disable, notification, show, trap, and user.
•The sysconf snmp notification command allows viewing and configuring the notifications that can be sent by the SNMP agent. At least one user must be configured before the SNMP agent can be accessed.
•The sysconf snmp enable command enables and starts the SNMP service.
•The sysconf snmp disable command stops the service.
•The sysconf snmp show command shows the current status of the service.
•The sysconf snmp trap command has sub-commands to set, show, and clear trap host information.
•The sysconf snmp user command allows viewing and configuring the users that can access the SNMP agent. At least one user must be configured before the SNMP agent can be accessed.
>The service list command reports a service: "snmpd - SNMP agent service".
>The service status, service stop, service start and service restart commands accept the value "snmp" as a <servicename> parameter (that is, you can start, stop or restart the snmp service – this represents some overlap with the sysconf snmp enable and sysconf snmp disable commands, but is provided for completeness).
Coverage
The following are some points of interest, with regard to our reporting.
Memory
Swap usage - Covered by UCD-SNMP-MIB under the memTotalSwap, memAvailSwap and memMinimumSwap OIDs
Physical Memory usage - Covered by UCD-SNMP-MIB under the memTotalReal, memAvailReal and memTotalFree OIDs
Errors - Covered by UCD-SNMP-MIB under the memSwapError and memSwapErrorMsg OIDs
Paging
Size of page file - Not covered
Page file usage - Not covered
Paging errors - Not covered
Note: UCD-SNMP-MIB/memory will report all the data that we get from the "free" command.
CPU
% Utilization Threads - Not covered
%user time - Covered by UCD-SNMP-MIB under ssCpuUser OID
%system time - Covered by UCD-SNMP-MIB under ssCpuSystem OID
Top running processes - Not covered
Network
Interface status - Covered
% utilization - Covered
Bytes in - Not covered
Bytes Out - Not covered
Errors - Covered
Note: All of the above are already covered by the RFC1213-MIB.
Monitoring Internal Hardware failure
We do not currently keep any status on hardware failure.
Environmental
We support only CPU and motherboard temperature.
HSM MIB
The above concerns status of various elements of the appliance, outside the contained HSM.
HSM status is separately handled by the SAFENET-HSM-MIB.
In the current implementation, the object ntlsCertExpireNotification has no value. If you query this object, the response is "Snmp No Such Object".
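The following added example (not part of the SafeNet documentation) shows how a poller built on net-snmp command output can consume the UCD-SNMP-MIB objects listed under Coverage while recording an object with no value, such as ntlsCertExpireNotification, as unavailable instead of as zero or as an agent fault. The sample output is constructed (net-snmp tools print the condition as "No Such Object available on this agent at this OID"), and the function names and the 80% threshold are assumptions.

```python
import re

# Constructed sample of net-snmp snmpget output; not captured from an appliance.
SAMPLE = """\
UCD-SNMP-MIB::memTotalSwap.0 = INTEGER: 2097148 kB
UCD-SNMP-MIB::memAvailSwap.0 = INTEGER: 209714 kB
UCD-SNMP-MIB::memSwapError.0 = INTEGER: error(1)
UCD-SNMP-MIB::memSwapErrorMsg.0 = STRING: Running out of swap space (209714)
UCD-SNMP-MIB::ssCpuUser.0 = INTEGER: 3
UCD-SNMP-MIB::ssCpuSystem.0 = INTEGER: 1
SAFENET-HSM-MIB::ntlsCertExpireNotification = No Such Object available on this agent at this OID
"""

LINE = re.compile(r"^[\w-]+::(?P<obj>\w+)(?:\.\d+)*\s*=\s*(?P<rest>.*)$")
ABSENT = ("No Such Object", "No Such Instance")

def parse(text):
    """Map object name -> int, str, or None when the agent reports it absent."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        if rest.startswith(ABSENT):
            values[m["obj"]] = None  # "not implemented" must not read as 0
            continue
        kind, _, raw = rest.partition(":")
        raw = raw.strip()
        # Integers print as "2097148 kB" or as an enum such as "error(1)".
        num = re.search(r"\((-?\d+)\)$|^(-?\d+)", raw) if kind != "STRING" else None
        values[m["obj"]] = int(num.group(1) or num.group(2)) if num else raw
    return values

def assess(values, swap_used_pct_max=80.0):
    """Return (alerts, unavailable) for the objects a poller asked about."""
    unavailable = sorted(k for k, v in values.items() if v is None)
    alerts = []
    total, avail = values.get("memTotalSwap"), values.get("memAvailSwap")
    if total and avail is not None:
        used = 100.0 * (total - avail) / total
        if used > swap_used_pct_max:
            alerts.append(f"swap {used:.1f}% used")
    if values.get("memSwapError"):
        alerts.append(f"memSwapError: {values.get('memSwapErrorMsg') or 'no message'}")
    return alerts, unavailable

if __name__ == "__main__":
    print(assess(parse(SAMPLE)))
```

Keeping the unavailable list separate from the alerts lets a monitoring dashboard show that an object is not implemented without paging anyone for it.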
Information about the HSM, retrievable via SNMP, is similar to executing the following commands:
From SafeNet Luna Network HSM (LunaSH) commands:
>hsm show
>hsm showpolicies
>hsm displaylicenses
>client show
From the Luna HSM Client (LunaCM) commands:
>partition showinfo
>partition showpolicies
MIBs You Need for Network Monitoring of SafeNet Luna Network HSM
The following MIBs are not supplied as part of the SafeNet Luna Network HSM build, but can be downloaded from a number of sources. How they are implemented depends on your MIB utility. Support is restricted to active queries (the trap mechanism captures only reboots).
>LM-SENSORS-MIB
>RFC1213-MIB
>SNMP-FRAMEWORK-MIB
>SNMP-MPD-MIB
>SNMP-TARGET-MIB
>SNMP-USER-BASED-SM-MIB
>SNMPv2-MIB
>SNMP-VIEW-BASED-ACM-MIB
In addition, the SAFENET-APPLIANCE-MIB is included within the SafeNet Luna Network HSM appliance, to report Software Version.
MIBs You Need for Monitoring the Status of the HSM
You require the following MIB to monitor the status of the HSM:
>SAFENET-HSM-MIB.mib