Establishing and Configuring the STC Admin Channel on a SafeNet Luna Network HSM Appliance
STC allows you to protect all communications to the HSM, including those that originate on the SafeNet Luna Network HSM appliance, by enabling the STC admin channel. The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition. The STC admin channel link is configured separately from the client-partition links, and can be enabled or disabled as required. The following instructions are for the HSM SO.
NOTE Enabling the STC admin channel forces all client-partition links (NTLS or STC) to use STC on the portion of the link from the appliance to the HSM. This may affect NTLS link performance.
Enabling the STC Admin Channel on a SafeNet Luna Network HSM Appliance
When enabled, all communications from the appliance operating system to the HSM are transmitted over the STC admin channel.
CAUTION! Enabling the STC admin channel is service-affecting. It causes an STC service restart, which temporarily terminates all existing STC links to the appliance. It also terminates the existing HSM login session.
To enable the STC admin channel on a SafeNet Luna Network HSM appliance:
1. Open a LunaSH session on the appliance and log in as the HSM SO.
lunash:>hsm login
2. Enable the STC admin channel:
lunash:>hsm stc enable
lunash:>hsm stc enable
Enabling local STC will require a restart of STC service.
Any existing STC connections will be terminated.
Type 'proceed' to enable STC on the admin channel, or 'quit'
to quit now. > proceed
Successfully enabled STC on the admin channel.
Command Result : 0 (Success)
Disabling the STC Admin Channel on a SafeNet Luna Network HSM Appliance
When disabled, all communications from the appliance operating system to the HSM are transmitted, unencrypted, over the local bus.
NOTE Disabling the STC admin channel is service-affecting. It causes an STC service restart, which temporarily terminates all existing STC links to the appliance. It also terminates the existing HSM login session.
To disable the STC admin channel on a SafeNet Luna Network HSM appliance:
1. Open a LunaSH session on the appliance and log in as the HSM SO.
lunash:>hsm login
2. Disable the STC admin channel:
lunash:>hsm stc disable
lunash:>hsm stc disable
Disabling STC on the admin channel will require a restart of STC service.
Any existing STC connections will be terminated.
Type 'proceed' to disable STC on the admin channel, or 'quit'
to quit now. > proceed
Successfully disabled STC on the admin channel.
Command Result : 0 (Success)
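Because a disabled admin channel leaves appliance-to-HSM traffic unencrypted on the local bus, captured LunaSH session transcripts can be reviewed for admin channel changes. The following Python code is an added example, not part of the vendor documentation; it matches only the output lines shown above, and the function name and the transcript capture are assumptions.

```python
import re

# Patterns copied from the LunaSH output shown on this page.
CMD = re.compile(r"^lunash:>\s*hsm stc (enable|disable)\s*$")
DONE = re.compile(r"^Successfully (enabled|disabled) STC on the admin channel\.$")
RESULT = re.compile(r"^Command Result : (\d+)")

def audit_transcript(text):
    """Return (events, final_state) for STC admin channel changes.
    events: list of (action, confirmed); confirmed needs the success line
    and 'Command Result : 0'. final_state: 'enabled', 'disabled' or None."""
    events, final_state = [], None
    action, succeeded = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if m := CMD.match(line):
            action, succeeded = m.group(1), False   # start tracking this command
        elif action and (m := DONE.match(line)):
            succeeded = m.group(1) == action + "d"
        elif action and (m := RESULT.match(line)):
            confirmed = succeeded and m.group(1) == "0"
            events.append((action, confirmed))
            if confirmed:
                final_state = action + "d"
            action = None                           # command finished
    return events, final_state

# Constructed transcript, assembled from the sample output on this page.
SAMPLE = """\
lunash:>hsm stc enable
Enabling local STC will require a restart of STC service.
Any existing STC connections will be terminated.
Type 'proceed' to enable STC on the admin channel, or 'quit'
to quit now. > proceed
Successfully enabled STC on the admin channel.
Command Result : 0 (Success)
lunash:>hsm stc disable
Disabling STC on the admin channel will require a restart of STC service.
Any existing STC connections will be terminated.
Type 'proceed' to disable STC on the admin channel, or 'quit'
to quit now. > proceed
Successfully disabled STC on the admin channel.
Command Result : 0 (Success)
"""

if __name__ == "__main__":
    events, state = audit_transcript(SAMPLE)
    print(events, state)
```

A final state of `disabled` is the condition worth alerting on, since it means the appliance operating system is talking to the HSM without STC protection.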
Configuring the STC Admin Channel on a SafeNet Luna Network HSM Appliance
STC provides several configurable options that define the network settings for an STC link, and the security settings for the messages transmitted over the link. Although the default values provide the optimal balance between security and performance, you can override them if desired. See Configuring the Network and Security Settings for an STC Link for more information.