Creating a Password-Authenticated Partition

An application owner/user has requested an application partition on the HSM, in which applications will run cryptographic operations. These instructions describe the actions to be taken by the HSM Security Officer (SO). They assume you are using a Password-authenticated SafeNet Luna Network HSM.

The SafeNet Luna Network HSM is initially accessed via SSH, and LunaSH is used to create the partition. After the partition is created, administrative access to that partition moves to a host computer where SafeNet Luna HSM Client software is installed, and where administrative actions are carried out through a Network Trust Link (NTL) or Secure Trusted Channel (STC) via the LunaCM tool.

Requirements

You will need:

>The appliance configured for network operation, with its server certificate created.

>The SafeNet Luna Network HSM and your application host computer having exchanged certificates.

>The HSM in the initialized state.

Create the Partition

1. Log in to the SafeNet Luna Network HSM as HSM SO.

lunash:>hsm login

  Please enter the HSM Administrators' password:
  > ********

'hsm login' successful.

Command Result : 0 (Success)

2. Use the partition create command to create a new partition, specifying at least a partition name. Other command parameters are available. See partition create in the LunaSH Command Reference Guide for details.

lunash:>partition create -partition LunaPar1

        Type 'proceed' to create the partition, or
        'quit' to quit now.
        > proceed
'partition create' successful.

Command Result : 0 (Success)

3. Verify that the partition has been created.

lunash:>hsm show


   Appliance Details:
   ==================
   Software Version:                7.0.0

   HSM Details:
   ============
   HSM Label:                          myLunaHSM
   Serial #:                           66331
   Firmware:                           7.0.1
   HSM Model:                          Luna K7
   HSM Part Number:                    808-000048-002
   Authentication Method:              Password
   HSM Admin login status:             Logged In
   HSM Admin login attempts left:      3 before HSM zeroization!
   RPV Initialized:                    No
   Audit Role Initialized:             No
   Remote Login Initialized:           No
   Manually Zeroized:                  No
   Secure Transport Mode:              No
   HSM Tamper State:                   No tamper(s)

   Partitions created on HSM:
   ==============================
   Partition:         154438865287, Name: LunaPar1
   Number of partitions allowed:        100
   Number of partitions created:        1

   FIPS 140-2 Operation:
   =====================
   The HSM is NOT in FIPS 140-2 approved operation mode.

   HSM Storage Information:
   ========================
   Maximum HSM Storage Space (Bytes):   33554432
   Space In Use (Bytes):                335544
   Free Space Left (Bytes):             33218888

   Environmental Information on HSM:
   =================================
   Battery Voltage:                     3.072 V
   Battery Warning Threshold Voltage:   2.750 V
   System Temp:                         36 deg. C
   System Temp Warning Threshold:       75 deg. C

Command Result : 0 (Success)
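The three steps above are typed into LunaSH, so the verification in step 3 is done by eye. When this procedure is scripted over SSH (for example as part of a provisioning run), the captured `hsm show` output can be checked programmatically instead. The following is an added example, not part of the Thales/SafeNet documentation: it parses the key/value layout of `hsm show` as printed above, extracts the partition list, and confirms the state an HSM SO wants to see before handing the partition over. The sample text is a trimmed copy of the output shown in step 3. The threshold of 3 remaining SO login attempts is taken from that output; treating any lower value as a finding is this example's own assumption, since a lower count means failed `hsm login` attempts have already consumed part of the budget before zeroization.

```python
import re
from dataclasses import dataclass, field

# Trimmed copy of the `hsm show` output from step 3 above. In practice this
# is the text captured from the SSH/LunaSH session.
SAMPLE_HSM_SHOW = """\
   HSM Details:
   ============
   HSM Label:                          myLunaHSM
   Serial #:                           66331
   Authentication Method:              Password
   HSM Admin login status:             Logged In
   HSM Admin login attempts left:      3 before HSM zeroization!
   Secure Transport Mode:              No
   HSM Tamper State:                   No tamper(s)

   Partitions created on HSM:
   ==============================
   Partition:         154438865287, Name: LunaPar1
   Number of partitions allowed:        100
   Number of partitions created:        1

   FIPS 140-2 Operation:
   =====================
   The HSM is NOT in FIPS 140-2 approved operation mode.
"""

# "Partition:   <serial>, Name: <name>" lines carry two colons, so they are
# matched before the generic key/value pattern.
PARTITION_RE = re.compile(r"^Partition:\s+(\d+),\s*Name:\s*(\S+)$")
KEY_VALUE_RE = re.compile(r"^([^:]+?):\s+(\S.*)$")


@dataclass
class HsmStatus:
    fields: dict = field(default_factory=dict)      # "HSM Label" -> "myLunaHSM"
    partitions: dict = field(default_factory=dict)  # "LunaPar1" -> "154438865287"
    fips_statement: str = ""

    @property
    def login_attempts_left(self):
        # Value looks like "3 before HSM zeroization!"; keep the leading count.
        m = re.match(r"(\d+)", self.fields.get("HSM Admin login attempts left", ""))
        return int(m.group(1)) if m else None

    @property
    def fips_approved_mode(self):
        return bool(self.fips_statement) and " NOT " not in self.fips_statement


def parse_hsm_show(text):
    """Parse `hsm show` output into fields, partitions and the FIPS statement."""
    status = HsmStatus()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue  # blank lines and "=====" underlines
        m = PARTITION_RE.match(line)
        if m:
            status.partitions[m.group(2)] = m.group(1)
            continue
        if line.startswith("The HSM is"):
            status.fips_statement = line  # FIPS mode is a sentence, not key: value
            continue
        m = KEY_VALUE_RE.match(line)
        if m:  # section headers such as "HSM Details:" have no value and are skipped
            status.fields[m.group(1).strip()] = m.group(2).strip()
    return status


def check_partition_created(status, partition_name, expected_auth="Password"):
    """Return a list of findings; an empty list means the post-creation checks passed."""
    findings = []
    auth = status.fields.get("Authentication Method")
    if auth != expected_auth:
        findings.append(f"authentication method is {auth!r}, expected {expected_auth!r}")
    if partition_name not in status.partitions:
        findings.append(f"partition {partition_name!r} not listed; found {sorted(status.partitions)}")
    created = status.fields.get("Number of partitions created")
    if created is not None and int(created) != len(status.partitions):
        findings.append(f"partition count {created} does not match {len(status.partitions)} listed")
    attempts = status.login_attempts_left
    if attempts is not None and attempts < 3:  # assumption: 3 is the full budget shown above
        findings.append(f"only {attempts} SO login attempt(s) left before zeroization; failed logins have occurred")
    if status.fields.get("HSM Tamper State") != "No tamper(s)":
        findings.append(f"tamper state: {status.fields.get('HSM Tamper State')!r}")
    if status.fields.get("HSM Admin login status") != "Logged In":
        findings.append("HSM SO is not logged in; run 'hsm login' first")
    return findings


if __name__ == "__main__":
    status = parse_hsm_show(SAMPLE_HSM_SHOW)
    for line in check_partition_created(status, "LunaPar1") or ["all post-creation checks passed"]:
        print(line)
```

The FIPS check is reported rather than enforced, because the output above shows the HSM outside FIPS 140-2 approved mode and whether that is acceptable is a policy decision for the deployment, not something the partition-creation step decides.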

The partition now exists, and all future configuration and management of that partition will be handed over to the person who is to become the Partition SO. Once the partition is initialized, the HSM SO's administrative access is limited to the following actions:

>resizing the partition

>deleting the partition

>backing up the partition contents

>restoring the contents of the partition from backup

The Partition SO (and any additional roles that are created for the partition) performs all configuration and management actions on the partition, using LunaCM via a client connection.

The next step, depending on your configuration, is one of the following:

>Create a Network Trust Link - Multi-step setup

>Create a Network Trust Link - One-Step Setup