Timeouts

Your network connections will time out after a period of inactivity, as described below.

SSH Timeout

The Luna Network HSM appliance pings SSH clients with TCP keepalive to ensure clients are still reachable. Idle SSH sessions remain open, but are terminated if the client is unreachable for 15 seconds. This timeout is not configurable. If your session times out, you must open a new SSH session.

If you want idle SSH sessions to be terminated, you must configure a timeout on your network switch or firewall.

NTLS Timeout

As a general rule, do not adjust timeout settings (either via the interface or in config files) unless instructed to do so by Thales Technical Support.

Changing some settings can appear to improve performance until a situation is encountered where a process does not have time to complete due to a shortened timeout value.

Making timeouts too long will usually not cause errors, but can cause apparent performance degradation in some situations (for example, in HA configurations).

Default settings have been chosen with some care, and should not be modified without good reason and full knowledge of the consequences.

CAUTION!   Never insert TAB characters into the crystoki.ini (Windows) or Chrystoki.conf (UNIX) file.

Network Receive Timeout

One timeout value that might require change is the ReceiveTimeout value in the "LunaSA Client" section of the configuration file. This value is the period that the Luna Network HSM client waits for a response from the Luna Network HSM before determining that the appliance is off-line. The default value of 20 seconds allows for the worst case over a larger WAN, but may be inappropriate for some Luna Network HSM deployments (such as Luna HSMs in an HA configuration) where a quicker determination of the health of the Luna Network HSM system is required. This value can be set in the Luna Network HSM client configuration file as follows:

Windows (crystoki.ini)

[LunaSA Client]
:
  ReceiveTimeout=<value in milliseconds> //default is 20000 milliseconds
:

UNIX (/etc/Chrystoki.conf)

LunaSA Client = {
:
  ReceiveTimeout=<value in milliseconds>;
:
}
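
The following check is an added example, not part of the Thales documentation or tooling. It reads the text of either client configuration file, reports the effective ReceiveTimeout in the "LunaSA Client" section, and flags TAB characters and any departure from the 20000 ms default. The function name, the sample inputs, and the treatment of a missing entry as the default are assumptions.

```python
import re

DEFAULT_RECEIVE_TIMEOUT_MS = 20000  # default stated on this page

# Constructed sample inputs (not taken from a real client installation).
SAMPLE_CONF = (
    "LunaSA Client = {\n"
    "  ReceiveTimeout = 5000;\n"
    "}\n"
    "ExampleSection = {\n"
    "\tExampleKey = 1;\n"  # TAB indentation, which the page forbids
    "}\n"
)
SAMPLE_INI = "[LunaSA Client]\nReceiveTimeout=20000\n"


def audit_client_config(text):
    """Audit crystoki.ini / Chrystoki.conf text for TABs and ReceiveTimeout."""
    findings, section, value = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if "\t" in raw:
            findings.append(f"line {lineno}: TAB character in configuration file")
        line = raw.strip()
        header = (re.fullmatch(r"\[(.+)\]", line)            # Windows: [Section]
                  or re.fullmatch(r"(.+?)\s*=\s*\{", line))  # UNIX: Section = {
        if header:
            section = header.group(1).strip()
        elif line == "}":
            section = None
        elif section == "LunaSA Client":
            m = re.fullmatch(r"ReceiveTimeout\s*=\s*(.*?)\s*;?", line)
            if m and m.group(1).isdigit():
                value = int(m.group(1))
            elif m:
                findings.append(f"line {lineno}: ReceiveTimeout is not a whole "
                                "number of milliseconds")
    if value is not None and value != DEFAULT_RECEIVE_TIMEOUT_MS:
        findings.append(f"ReceiveTimeout={value} ms differs from the default "
                        f"{DEFAULT_RECEIVE_TIMEOUT_MS} ms; confirm the change was intended")
    # Assumption: when the entry is absent, the documented default applies.
    return {"receive_timeout_ms": DEFAULT_RECEIVE_TIMEOUT_MS if value is None else value,
            "explicit": value is not None, "findings": findings}


if __name__ == "__main__":
    for name, text in (("Chrystoki.conf", SAMPLE_CONF), ("crystoki.ini", SAMPLE_INI)):
        print(name, audit_client_config(text))
```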