Local PED Setup

A Local PED connection is the simplest way to set up the SafeNet Luna PED. In this configuration, the PED is connected directly to the HSM card. It is best suited for situations where all parties who need to authenticate credentials have convenient physical access to the HSM. When the HSM is stored in a secure data center and accessed remotely, you must use a Remote PED setup.

Setting Up a Local PED Connection

The SafeNet Luna PCIe HSM administrator can use these directions to set up a Local PED connection. You require:

>SafeNet Luna PED with firmware 2.7.1 or newer

>USB mini-B to USB-A connector cable

>Luna PED DC power supply (if included with your Luna PED)

To set up a Local PED connection

1.Connect the Luna PED to the HSM using the supplied USB mini-B to USB-A connector cable.

NOTE   To operate in Local PED-USB mode, the PED must be connected directly to the HSM card's USB port, and not one of the other USB connection ports on the host system.

2.PED version 2.8 and above is powered via the USB connection. If you are using PED version 2.7.1, connect it to power using the Luna PED DC power supply.

As soon as the PED receives power, it performs start-up and self-test routines. It verifies the connection type and automatically switches to the appropriate operation mode when it receives the first command from the HSM.

3.If you prefer to set the operation mode to Local PED-USB manually, see Changing Modes.

The Luna PED is now ready to perform authentication for the HSM. You may proceed with setting up or deploying your SafeNet Luna PCIe HSM. All commands requiring authentication (HSM/partition initialization, login, etc.) will now prompt the user for action on the locally-connected Luna PED.

PED Actions

There are several things that you can do with the Luna PED at this point:

>Wait for a PED authentication prompt in response to a LunaCM command (see Performing PED Authentication)

>Create copies of your PED keys (see Duplicating Existing PED Keys)

>Change to the Admin Mode to run tests or update PED software (see Changing Modes)

>Prepare to set up a Remote PED server (see About Remote PED)

Local PED Troubleshooting

If you encounter problems with Local PED, refer to this section.

CKR_PED_UNPLUGGED error after hsm restart

After running hsm restart, LunaCM returns a CKR_PED_UNPLUGGED error when authentication is attempted. 

lunacm:>role login -n so
 
        Please attend to the PED.
 
Caution: You have only 3 so login attempts left. If you fail 3
         more consecutive login attempts (i.e. with no successful
         logins in between) the HSM will be ZEROIZED!!!
 
Error in execution: CKR_PED_UNPLUGGED.
 
Command Result : 0x8000002e (CKR_PED_UNPLUGGED)
 

If you receive this error, disconnect the Luna PED from the HSM's USB port and reconnect it before issuing the login command again.


Customer Support Portal

SafeNet Luna PCIe HSM 7.3 Product Documentation  13 December 2019  Copyright 2001-2019 Thales. All rights reserved.