Creating a Network Trust Link Between a Client and a Partition

After you establish a network trust link between the client and the appliance, you can assign the client to a specific partition on the appliance to grant the client access to the partition. After you assign a client to a partition, the client can establish NTLS links to the partition, allowing you to:

> See the partition as a slot in LunaCM.

> Use the partition with your cryptographic applications.

NOTE   You must be connected to the HSM Server and logged in as “admin”.

Assigning a Client to a Partition

Use the LunaSH command client assignpartition to assign a registered client to a partition. You might need to use your client IP address as your client name, if you registered your client using an IP address.

This task is performed by the HSM SO, if you are not using STC. This is the final task you need to complete before handing off the partition to the partition owner.

To assign a client to a partition:

1. Launch LunaSH and log in as the HSM SO.

2. Enter the following command to assign a client to a partition:

lunash:>client assignpartition -client <clientname> -partition <partition_label>

lunash:> client assignPartition -client ntls_client -partition ntls_partition
 
 'client assignPartition' successful.
 
Command Result : 0 (Success)

3. Enter the following command to verify that the partition is assigned to the client:

lunash:>client show -client <clientname>

lunash:> client show -client ntls_client
 
ClientID:     ntls_client
Hostname:     Luna_Client
OTT Expiry:   n/a
Partitions:   ntls_partition

4. If you registered your client by hostname, the appliance will need to use a DNS server to look up the device IP address. To ensure that the client is reachable in the event of a DNS failure, you can use the following command to map the client host name to its IP address, and save the mapping locally on the appliance.

lunash:>client hostip map -client <client_name> -ip <client_IP_address>

lunash:> client hostip map -client ntls_client -ip 192.20.11.21 
 
Command Result : 0 (Success)
 
lunash:>client hostip show
 
Client Name         Host Name                     Host IP
----------------------------------------------------------------------
ntls_client         ntls_client                   192.20.11.21
 
Command Result : 0 (Success)

5. Hand off possession of the partition to its new owner by providing the contact information (IP address and partition name) and any necessary instructions. The receiving person will become the Partition SO and begin configuring the partition for its application.
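A check of the output from steps 3 and 4 before hand-off, as an added example that is not part of the original documentation: this Python script parses captured `client show` and `client hostip show` output and reports any partition assigned beyond the intended ones, any intended partition that is missing, and a missing or wrong host IP mapping. The function names, the expected-value arguments, and the comma-separated, optionally quoted format for multiple partitions are assumptions; the sample output is constructed from the examples on this page.

```python
import re

# Constructed sample: output of `client show` and `client hostip show` as shown above.
CLIENT_SHOW = """\
ClientID:     ntls_client
Hostname:     Luna_Client
OTT Expiry:   n/a
Partitions:   ntls_partition
"""
HOSTIP_SHOW = """\
Client Name         Host Name                     Host IP
----------------------------------------------------------------------
ntls_client         ntls_client                   192.20.11.21
"""

def parse_client_show(text):
    """Parse the 'Key: value' lines of `client show` into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def parse_hostip_show(text):
    """Return {client_name: host_ip} from the `client hostip show` table."""
    mapping = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 3 and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", cols[2]):
            mapping[cols[0]] = cols[2]
    return mapping

def audit(client_show, hostip_show, expected_partitions, expected_ip):
    """Return a list of findings; an empty list means the state matches."""
    client = parse_client_show(client_show)
    # Assumption: multiple partitions are comma-separated and may be quoted.
    assigned = {p.strip().strip('"') for p in client.get("Partitions", "").split(",") if p.strip()}
    findings = [f"unexpected partition assigned: {p}"
                for p in sorted(assigned - set(expected_partitions))]
    findings += [f"expected partition not assigned: {p}"
                 for p in sorted(set(expected_partitions) - assigned)]
    mapped = parse_hostip_show(hostip_show).get(client.get("ClientID"))
    if mapped != expected_ip:
        findings.append(f"host IP mapping is {mapped}, expected {expected_ip}")
    return findings

if __name__ == "__main__":
    print(audit(CLIENT_SHOW, HOSTIP_SHOW, ["ntls_partition"], "192.20.11.21") or "OK")
```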

Verifying Your Setup

Before beginning to use a Client application with your newly configured partition, you can verify that the foregoing setup has been properly performed.

This task is performed by the partition owner, from the SafeNet Luna HSM client workstation used to deploy the partition.

To verify your setup:

1. On your Client workstation, open a command-line console.

2. Go to the software directory (c:\Program Files\SafeNet\LunaClient for Windows, or /usr/safenet/lunaclient for Linux, Solaris or AIX), and type vtl verify.

3. The response should be similar to:

Slot    Serial #             Label
====    =============        =====
   0          2279315

If you get an error message, then some part of the configuration has not been properly completed. Retrace the procedure.

At this point, the client and HSM are configured and registered with each other. You can now begin to use the SafeNet Luna Network HSM with your application. You can use the partition list command for a list of HSM Partitions on the HSM, and the client list command for a list of the clients assigned to an HSM Partition.

4. Setup is complete. We suggest that you browse the Administration Guide to develop a deeper understanding of the options and capabilities of your SafeNet Luna Network HSM partition, and of the housekeeping tasks and utilities that you might need.

Client Connection Limits

See Connections to the Appliance - Limits for a discussion of the limits for client connections to a SafeNet Luna Network HSM appliance and HSM.

Applications and Integrations

If you use any of dozens of third-party applications, we might already have performed system integration with it and published an Integration Guide for the application or API that you wish to use. Contact Thales Technical Support for the latest list of current integrations, or to request that one be developed.