Initializing the Backup HSM Remote PED Vector

The Remote PED (via PEDserver) authenticates itself to the Luna Backup HSM with a randomly-generated encrypted value, the Remote PED Vector (RPV), stored on an orange PED key. The orange key proves to the HSM that the Remote PED is authorized to perform authentication. The Backup HSM SO can create this key using LunaCM (with the Backup HSM connected to a client workstation) or LunaSH (with the Backup HSM connected to a Luna Network HSM appliance).

If the Backup HSM is already initialized, the HSM SO must log in to complete this procedure.

Prerequisites

>Luna PED with firmware 2.7.1 or newer

>USB mini-B to USB-A connector cable

>Luna PED DC power supply (if included with your Luna PED)

>Blank or reusable orange PED key (or multiple keys, if you plan to make extra copies or use an M of N security scheme). See Creating PED Keys for more information.

>Install the Backup HSM at the client/appliance and connect it to power (see Installing the Backup HSM).

>If you are using LunaSH, the Backup HSM must be initialized first (see Initializing the Backup HSM).

>Connect the PED to the Backup HSM using a 9-pin Micro-D to Micro-D cable. Set the PED to Local PED-SCP mode (see Modes of Operation).

To initialize the RPV and create the orange PED key using LunaCM

1. Launch LunaCM on the client workstation.

2. Set the active slot to the Backup HSM.

lunacm:> slot set -slot <slotnum>

3. If the Backup HSM is initialized, log in as HSM SO. If not, continue to the next step.

lunacm:> role login -name so

4. Ensure that you have the orange PED key(s) ready. Initialize the RPV.

lunacm:> ped vector init

5. Attend to the Luna PED and respond to the on-screen prompts. See Creating PED Keys for a full description of the key-creation process.

If you have an orange PED key with an existing RPV that you wish to use for this HSM, press Yes.

If you are creating a new RPV, press No.

Continue following the prompts for PED PIN, M of N, and duplication options.

To set up a Remote PED server, see Installing PEDserver and Setting Up the Remote Luna PED.

To initialize the RPV and create the orange PED key using LunaSH

NOTE: This procedure requires appliance software version 7.7.0 or newer.

1. Log in to LunaSH as admin, or an admin-level custom user.

2. [Optional] View the Luna Backup HSMs currently connected to the appliance and find the correct serial number.

lunash:> token backup list

3. Log in as HSM SO.

lunash:> token backup login -serial <serialnum>

4. Ensure that you have the orange PED key(s) ready. Initialize the RPV by specifying the Backup HSM serial number.

lunash:> hsm ped vector init -serial <serialnum>

5. Attend to the Luna PED and respond to the on-screen prompts. See Creating PED Keys for a full description of the key-creation process.

If you have an orange PED key with an existing RPV that you wish to use for this HSM, press Yes.

If you are creating a new RPV, press No.

To set up a Remote PED server, see Installing PEDserver and Setting Up the Remote Luna PED.