Create Application Partitions

When you have initialized and configured the HSM, you are ready to create and configure application partitions, as described in this chapter.

SafeNet Luna Network HSMs have two types of partition spaces:

> HSM administrative partition - where HSM-wide policies are set and changed, application partitions are created/destroyed, HSM firmware and capabilities are updated, etc.

> Application partition - where cryptographic operations are performed by your applications

The high-level steps below take you from a new or factory-reset HSM to a configured application partition that is ready for keys, objects, and cryptographic operations. Normally, each set of actions is performed by a different person with different responsibilities.

HSM Security Officer (SO)

1. Initialize the HSM; this initializes the HSM SO role and the cloning domain for the HSM (see HSM Initialization).

2. Log in as HSM SO.

3. Create the empty application partition.

4. Complete the certificate exchanges and registrations necessary to create the secure link between the client and the application partition on the appliance.

Partition Security Officer (PO)

1. Set the active slot to the newly created application partition.

2. Initialize the partition; this initializes the Partition SO role and the cloning domain for the partition.

3. Log into the application partition as Partition SO.

4. Initialize the Crypto Officer role.

5. Log out.

Partition Crypto Officer (CO)

1. Set the active slot to the initialized application partition.

2. Log into the application partition as Crypto Officer.

3. [Optional] Initialize the Crypto User role.
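The three role sequences above, written out as a runbook. This is an added example, not part of the Thales documentation; it assumes Luna 7.x lunash, vtl and lunacm command syntax, and the appliance hostname, HSM label, partition name, client name, client IP and slot number are placeholders. The script only prints each step with the shell it is typed into, because the steps that take a password, PED key or cloning domain (hsm init, partition init, role init) are interactive and should be performed in person by the role that owns them. The check_plan function enforces the ordering that separates the roles: the partition cannot be initialized before it is created and assigned to the client, and the Crypto Officer cannot log in before the Partition SO has initialized that role.

```shell
#!/bin/sh
# Added runbook for the HSM SO / Partition SO / Crypto Officer sequence.
# Assumes Luna 7.x lunash, vtl and lunacm syntax; all names are placeholders.
set -eu

HSM_HOST="${HSM_HOST:-hsm01.example.internal}"   # placeholder appliance hostname
HSM_LABEL="${HSM_LABEL:-luna-hsm-01}"           # placeholder HSM label
PARTITION="${PARTITION:-app-partition-01}"      # placeholder partition name
CLIENT_NAME="${CLIENT_NAME:-app-client-01}"      # placeholder client name
CLIENT_IP="${CLIENT_IP:-192.0.2.10}"            # placeholder address (RFC 5737 range)
SLOT="${SLOT:-0}"                               # placeholder: slot shown by 'slot list'

# Each step is printed with the shell it belongs to (lunash on the appliance,
# vtl/scp on the client host, lunacm on the client host). Steps that prompt
# for a password, PED key or cloning domain are never executed from here.
step() { printf '%s\n' "$1"; }

# HSM Security Officer: appliance-side work plus the NTLS certificate exchange.
hsm_so_steps() {
  step "lunash:> hsm init -label $HSM_LABEL"               # 1. HSM SO role + HSM domain
  step "lunash:> hsm login"                                 # 2. log in as HSM SO
  step "lunash:> partition create -partition $PARTITION"   # 3. empty partition
  # 4. trust in both directions, then bind the client to the partition
  step "client\$ scp admin@$HSM_HOST:server.pem ."
  step "client\$ vtl addServer -n $HSM_HOST -c server.pem"
  step "client\$ vtl createCert -n $CLIENT_NAME"
  step "client\$ scp $CLIENT_NAME.pem admin@$HSM_HOST:"
  step "lunash:> client register -client $CLIENT_NAME -ip $CLIENT_IP"
  step "lunash:> client assignpartition -client $CLIENT_NAME -partition $PARTITION"
  step "client\$ vtl verify"                                # partition must now be listed
}

# Partition Security Officer: a lunacm session on the client host.
partition_so_steps() {
  step "lunacm:> slot set -slot $SLOT"               # 1. select the new partition
  step "lunacm:> partition init -label $PARTITION"   # 2. PO role + partition domain
  step "lunacm:> role login -name po"                # 3. log in as Partition SO
  step "lunacm:> role init -name co"                 # 4. create Crypto Officer
  step "lunacm:> role logout"                        # 5. hand over to the CO
}

# Crypto Officer: a separate person and a separate lunacm session.
crypto_officer_steps() {
  step "lunacm:> slot set -slot $SLOT"   # 1. select the initialized partition
  step "lunacm:> role login -name co"    # 2. log in as Crypto Officer
  step "lunacm:> role init -name cu"     # 3. optional limited-use Crypto User role
}

full_plan() { hsm_so_steps; partition_so_steps; crypto_officer_steps; }

# line_of PLAN PATTERN: 1-based line of the first step containing PATTERN, or 0.
line_of() {
  n="$(printf '%s\n' "$1" | grep -n -F -- "$2" | head -n 1 | cut -d: -f1)"
  printf '%s\n' "${n:-0}"
}

# in_order PLAN EARLIER LATER: true when both steps exist and EARLIER precedes LATER.
in_order() {
  a="$(line_of "$1" "$2")"
  b="$(line_of "$1" "$3")"
  [ "$a" -gt 0 ] && [ "$b" -gt 0 ] && [ "$a" -lt "$b" ]
}

# The separation-of-duties invariants the three sections above imply.
check_plan() {
  p="$(full_plan)"
  in_order "$p" "hsm init" "partition create" &&
  in_order "$p" "client assignpartition" "partition init" &&
  in_order "$p" "partition init" "role login -name po" &&
  in_order "$p" "role init -name co" "role login -name co" &&
  in_order "$p" "role login -name co" "role init -name cu"
}

if check_plan; then
  full_plan
else
  echo "runbook ordering violated" >&2
  exit 1
fi
```

Run it as-is to print the plan, or override the placeholders in the environment (for example `PARTITION=payments-01 SLOT=3 sh runbook.sh`). On a PED-authenticated HSM the same steps apply, with PED prompts in place of password prompts at hsm init, partition init and role init.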

Next Steps

NOTE   Before you begin configuring and initializing a PED-authenticated SafeNet Luna Network HSM, we recommend that you familiarize yourself with the PED by reviewing PED Authentication.

> For PED-authenticated SafeNet Luna Network HSM, the first step is to initialize the HSM; see Creating a PED-Authenticated Partition.

> For Password-authenticated SafeNet Luna Network HSM, the first step is to initialize the HSM; see Creating a Password-Authenticated Partition.