About the Configuration Guide

This document describes how to configure your HSM to get it ready to operate in your environment. Some of the following procedures are required before you can place the HSM in operation; others are optional. Some decisions are required at each stage.

The first task is to initialize the HSM, and assign a Security Officer to oversee and administer the HSM. Then you can apply some optional global settings. Next you will create application partitions, that your application will access to create, store, and use keys, certificates, and other crypto objects. A Partition Security Officer (SO) is assigned to each partition, and the HSM SO has no further access to the partition's contents. The Partition SO sets policies and performs other administration within the application partition, and assigns a Crypto Officer to handle access-control by applications.

Configuring an HSM consists of:

>Initializing the HSM - establishing ownership on the part of a role called the HSM Security Officer (SO). See HSM Initialization.

>Setting HSM Policies - configuration settings to adjust some security and behavior parameters. See Set the HSM Policies.

>Creating a working space on the HSM for your application programs, called an application partition. See Creating an Application Partition on the HSM.

>Set partition policies as desired. See Setting SafeNet Luna PCIe HSM Partition Policies.

>Perform any optional configuration tasks. See Optional Configuration Tasks.

The preface includes the following information about this document:

>Customer Release Notes


>Document Conventions

>Support Contacts

For information regarding the document status and revision history, see Document Information.