Scripted/Unattended Windows Installation/Uninstallation

This section describes how to perform unattended or scripted installations on Windows platforms. The following procedures are described:

>Command line options overview

>Installing the Luna HSM Client for the SafeNet Luna Network HSM

>Installing the Luna HSM Client for the SafeNet Luna PCIe HSM

>Installing the Luna HSM Client for the SafeNet Luna USB HSM

>Installing the Luna HSM Client for the SafeNet Luna Backup HSM

>Installing the Luna HSM Client for Remote PED

>Installation Location

>Logging

>Uninstalling the Luna HSM Client

If you want to perform an interactive installation, using the graphical, interactive installer, see Windows SafeNet Luna HSM Client Installation

NOTE   Unattended installation stores the root certificate in the certificate store and marks the publisher (in this case, SafeNet, Inc.) as trusted for future installations. You are not prompted to trust SafeNet Inc. as a driver publisher during unattended installation.

Command line options overview

The following command-line options are available:  

Option Values   Description  
addlocal=   Various (see below) Takes one-or-more device values, and one-or-more feature values, as a comma-separated list. Case insensitive. Values may be quoted or not.
installdir= A fully qualified folder path to install the client software Case insensitive. Default value is “c:\program files\safenet\lunaclient”. Enclose paths containing spaces in “”.
/install   N/A Install the product and features.
/uninstall   N/A Remove the product and features.
/quiet N/A Performs a silent installation; no prompts or messages.(See Note below this table)
/norestart N/A Prevents a reboot, post-installation. Any reboots must be performed manually.
/log The name of a log file Generates a highly detailed series of logs of the installation progress. This is equired only for product support.

NOTE   Windows defaults to launching the interactive graphical installer, unless you specify /quiet at the command line. Always include the /quiet option for scripted/unattended Luna Client installation.

The following devices or components are available for use with the addlocal= option:

Device identifier value   Can be used with these installable features  
NETWORK    CSP_KSP, JSP, SDK, JCProv  (*)
PCI   CSP_KSP, JSP, SDK, JCProv, SNMP  
USB    CSP_KSP, JSP, SDK, JCProv, SNMP  
BACKUP SNMP (this device performs backup and restore operations and is not enabled for cryptographic applications)
PED N/A (Used for remotely authenticating to PED-authenticated HSMs; not used by cryptographic applications - use of this device requires hands-on presence)

The device names are not case-sensitive.

(* The Network HSM appliance contains its own SNMP support; therefore the SNMP feature is not installed on clients where the Network HSM is the only HSM to be used.)

The following features are available for use with the addlocal= option :

Feature identifier value  Can be installed with these Luna devices   Description  
CSP_KSP    NETWORK, PCI, USB   Microsoft CSP and KSP  
FMSDK NETWORK, PCIe * Functionality Modules Software Development Kit
FMTOOLS NETWORK, PCIe * Tools for use when preparing Functionality Modules
JCProv   NETWORK, PCIe, USB   JCPROV PKCS#11  
JSP   NETWORK, PCIe, USB   Java Provider component  
SDK   NETWORK, PCIe, USB   Software SDK – Java / C++ samples  
SNMP PCIe, USB, Backup SNMP subagent  

The features can be installed together with the listed device(s) only - they cannot be installed separately - and need to be included only once in the command line. For example, if you are installing the NETWORK and PCI devices and you wish to install the CSP / KSP feature, specify CSP_KSP one time. The feature names are not case-sensitive.

NOTE   * If you install FMTOOLS for NETWORK only, then just mkfm and the library are installed.
If you install FMTOOLS for PCI, then mkfm and the library along with ctfm and fmrecover are installed.
If you install FMTOOLS for both NETWORK and PCIe devices, then all four elements are installed.
If you install the FM SDK, the Luna SDK is installed as well, to satisfy dependencies.

Options for addlocal= are separated by spaces. Device and feature values are separated by commas, with no spaces, unless the whole list is enclosed between quotation marks. If a space is encountered, outside of paired quotation marks, the next item found is treated as a command option.

Installing all components and features

Subsequent sections detail how to install the Luna HSM Client software, drivers (if necessary), and optional features (like Java support and the SDK), for individual HSMs. This section describes how to install everything at once, so that all SafeNet Luna HSMs and Remote PED are supported and all the optional features are available.

Use the ADDLOCAL= option together with the value all to install the base client software and the drivers for all SafeNet Luna devices, along with all the features.

To install the Luna HSM Client software and drivers for all SafeNet Luna devices and all features

From the location of LunaHSMClient.exe run the following command:

> Install the full Luna HSM Client software with drivers for all SafeNet Luna HSMs (Network HSM (no driver), PCIe HSM, Backup HSM, Remote PED), as well as all the features (CSP/KSP, JSP, JCProv, C++ SDK, SNMP Subagent)

LunaHSMClient.exe /install /quiet ADDLOCAL=all

NOTE   You can omit the /quiet option to see all options in the GUI dialog.

> [Optional logging] Install the full Luna HSM Client software with drivers for all SafeNet Luna HSMs (Network HSM (no driver), PCIe HSM, Backup HSM, Remote PED), as well as all the features (CSP/KSP, JSP, JCProv, C++ SDK, SNMP Subagent), and log the process.

LunaHSMClient.exe /install /log install.log /quiet ADDLOCAL=all

NOTE   The setting /log is optional and saves the installation logs to the file named install.log in the example. The install.log file (whatever name you give it) is required only if troubleshooting an issue with Technical Support.

Installing the Luna HSM Client for the SafeNet Luna Network HSM

Use the ADDLOCAL=NETWORK option to install the base client software for the SafeNet Luna Network HSM. Include the values for any optional, individual software components you desire. The base software must be installed first.

To install the Luna HSM Client for the SafeNet Luna Network HSM

From the location of LunaHSMClient.exe run one of the following commands:

> Install the base Luna HSM Client software necessary to communicate with SafeNet Luna Network HSM

LunaHSMClient.exe /install /quiet ADDLOCAL=NETWORK

>[Optional] Install the base Luna HSM Client software and any of the optional components for the SafeNet Luna Network HSM that you desire:

For example, the following command installs the base software and all of the optional components:

LunaHSMClient.exe /install /quiet ADDLOCAL=NETWORK,CSP_KSP,JSP,SDK,JCProv

If you wish to install only some of the components, just specify the ones you want after the product name (NETWORK in this example).

Installing the Luna HSM Client for the SafeNet Luna PCIe HSM

Use the ADDLOCAL=PCI option to install the base client software for the SafeNet Luna PCIe HSM. Include any features you desire. The base software must be installed first.

To install the Luna HSM Client for the SafeNet Luna PCIe HSM

From the location of LunaHSMClient.exe run one of the following commands:

> Install the base Luna HSM Client software for SafeNet Luna PCIe HSM

LunaHSMClient.exe /install /quiet ADDLOCAL=PCI

>Install the base Luna HSM Client software and any of the optional features for the SafeNet Luna PCIe HSM that you desire:

For example, the following command installs the base software and all of the optional components:

LunaHSMClient.exe /install /quiet ADDLOCAL=PCI,CSP_KSP,JSP,SDK,JCProv,SNMP

If you wish to install only some of the components, just specify the ones you want after the product name (PCI in this example).

Installing the Luna HSM Client for the SafeNet Luna USB HSM

Use the ADDLOCAL=USB option to install the base client software for the SafeNet Luna USB HSM. Include any features you desire. The base software must be installed first.

To install the Luna HSM Client for the SafeNet Luna USB HSM

From the location of LunaHSMClient.exe run one of the following commands:

> Install for SafeNet Luna USB HSM

LunaHSMClient.exe /install /quiet ADDLOCAL=USB

>Install the base Luna HSM Client software and any of the optional features for the SafeNet Luna USB HSM that you desire:

For example, the following command installs the base software and all of the optional components:

LunaHSMClient.exe /install /quiet ADDLOCAL=USB,CSP_KSP,JSP,SDK,JCProv,SNMP

If you wish to install only some of the components, just specify the ones you want after the product name (USB in this example).

Installing the Luna HSM Client for the SafeNet Luna Backup HSM

Use the ADDLOCAL=BACKUP option to install the base client software for the SafeNet Luna Backup HSM, and the optional feature, if desired. For the Backup HSM, which performs backup and restore operations and is not enabled for use with cryptographic applications, the feature you might add is SNMP, if applicable in your environment.

To install the Luna HSM Client for the SafeNet Luna Backup HSM

From the location of LunaHSMClient.exe run one of the following commands:

> Install the base Luna HSM Client software for SafeNet Luna Backup HSM

LunaHSMClient.exe /install /quiet /norestart ADDLOCAL=BACKUP

>Install the base Luna HSM Client software and an optional component for the SafeNet Luna Backup HSM:

For example, the following command installs the base software and the optional component:

LunaHSMClient.exe /install /quiet /norestart ADDLOCAL=backup,snmp

Installing the Luna HSM Client for Remote PED

Use the ADDLOCAL= option with component value PEDto install the client software for the SafeNet Luna Backup HSM.

To install the Luna HSM Client for the SafeNet Luna Backup HSM

>From the location of LunaHSMClient.exe run the following command:

LunaHSMClient.exe /install /quiet addlocal=ped

Installation Location

Specify the installation location, if the default location is not suitable for your situation.

This applies to installation of any Luna Device. Provide the INSTALLDIR= option, along with a fully qualified path to the desired target location. For example:

LunaHSMClient.exe /install /quiet addlocal=all installdir=c:\lunaclient

That command silently installs all of the SafeNet Luna device software and features to the folder c:\lunaclient (in this example). The software is installed into the same subdirectories per component and feature, under that named folder, as would be the case if INSTALLDIR was not provided. That is, INSTALLDIR changes the prefix or primary client installation folder to the one you specify, and the libraries, devices, tools, certificate folders, etc. are installed in their predetermined relationship, but under the new main folder location.

Logging

If problems are encountered during installation or uninstallation of the software and you wish to determine the reason, or if Gemalto Technical Support has requested you to do so, detailed logs can be generated and captured by specifying the /log option and providing a filename to capture the log output. Two logs are generated – one according to the name given and the other similarly named, with a number appended. Both log files must be sent to Gemalto support if assistance is required.

Example commands that include logging are:

LunaHSMClient.exe /install /quiet /log install.log /norestart ADDLOCAL=backup,snmp

LunaHSMClient.exe /uninstall /quiet /log uninstall.log

Uninstalling the Luna HSM Client

You can also perform scripted/unattended uninstallation.

To uninstall the Luna HSM Client

>From the location of LunaHSMClient.exe run the following command:

LunaHSMClient.exe /uninstall /quiet

>To log the uninstallation process, run the following command:

LunaHSMClient.exe /uninstall /quiet /log uninstall.log