Create Application Partitions
When you have initialized and configured the HSM, you are ready to create and configure application partitions, as described in this chapter.
SafeNet Luna PCIe HSMs have two types of partition spaces:
>HSM administrative partition - where HSM-wide policies are set and changed, application partitions are created/destroyed, HSM firmware and capabilities are updated, etc.
>Application partition - where cryptographic operations are performed by your applications
The high-level steps are summarized below, to go from a new or factory-reset HSM to having a configured application partition, ready for keys and objects and cryptographic operations. Normally, each set of actions is performed by a different person with different responsibilities.
Partition Security Officer (PO)
1.Set the active slot to the newly created application partition.
2.Initialize the partition; this initializes the Partition SO role and the cloning domain for the partition.
3.Log into the application partition as Partition SO.
4.Initialize the Crypto Officer role.
5.Log out.
Partition Crypto Officer (CO)
1.Set the active slot to the initialized application partition.
2.Log into the application partition as Crypto Officer.
3.[Optional] Initialize the Crypto User role.
Next Steps
NOTE Before you begin configuring and initializing a PED-authenticated SafeNet Luna PCIe HSM, we recommend that you familiarize yourself with the PED by reviewing PED Authentication.