Scripted/Unattended Windows Installation/Uninstallation
This section describes how to perform unattended or scripted installations on Windows platforms. The following procedures are described:
>Command line options overview
>Installing the Luna HSM Client for the Luna Network HSM
>Installing the Luna HSM Client for the Luna PCIe HSM
>Installing the Luna HSM Client for the Luna USB HSM
>Installing the Luna HSM Client for the Luna Backup HSM
>Installing the Luna HSM Client for Remote PED
>Uninstalling the Luna HSM Client
If you want to perform an interactive installation, using the graphical, interactive installer, see Windows Luna HSM Client Installation
NOTE Unattended installation stores the root certificate in the certificate store and marks the publisher (in this case, SafeNet, Inc.) as trusted for future installations. You are not prompted to trust SafeNet Inc. as a driver publisher during unattended installation.
Command line options overview
The following command-line options are available:
Option | Values | Description |
---|---|---|
addlocal= | Various (see below) | Takes one-or-more device values, and one-or-more feature values, as a comma-separated list. Case insensitive. Values may be quoted or not. |
installdir= | A fully qualified folder path to install the client software | Case insensitive. Default value is “c:\program files\safenet\lunaclient”. Enclose paths containing spaces in “”. |
/install | N/A | Install the product and features. |
/uninstall | N/A | Remove the product and features. |
/quiet | N/A | Performs a silent installation; no prompts or messages.(See Note below this table) |
/norestart | N/A | Prevents a reboot, post-installation. Any reboots must be performed manually. |
/log | The name of a log file | Generates a highly detailed series of logs of the installation progress. This is equired only for product support. |
NOTE Windows defaults to launching the interactive graphical installer, unless you specify /quiet at the command line. Always include the /quiet option for scripted/unattended Luna HSM Client installation.
The following devices or components are available for use with the addlocal= option:
Device identifier value | Can be used with these installable features |
---|---|
NETWORK | CSP_KSP, JSP, SDK, JCProv (*) |
PCI | CSP_KSP, JSP, SDK, JCProv, SNMP |
USB | CSP_KSP, JSP, SDK, JCProv, SNMP |
BACKUP | SNMP (this device performs backup and restore operations and is not enabled for cryptographic applications) |
PED | N/A (Used for remotely authenticating to PED-authenticated HSMs; not used by cryptographic applications - use of this device requires hands-on presence) |
The device names are not case-sensitive.
(* The Network HSM appliance contains its own SNMP support; therefore the SNMP feature is not installed on clients where the Network HSM is the only HSM to be used.)
The following features are available for use with the addlocal= option :
Feature identifier value | Can be installed with these Luna devices | Description |
---|---|---|
CSP_KSP | NETWORK, PCI, USB | Microsoft CSP and KSP |
FMSDK | NETWORK, PCIe * | Functionality Modules Software Development Kit |
FMTOOLS | NETWORK, PCIe * | Tools for use when preparing Functionality Modules |
JCProv | NETWORK, PCIe, USB | JCPROV PKCS#11 |
JSP | NETWORK, PCIe, USB | Java Provider component |
SDK | NETWORK, PCIe, USB | Software SDK – Java / C++ samples |
SNMP | PCIe, USB, Backup | SNMP subagent |
The features can be installed together with the listed device(s) only - they cannot be installed separately - and need to be included only once in the command line. For example, if you are installing the NETWORK and PCI devices and you wish to install the CSP / KSP feature, specify CSP_KSP one time. The feature names are not case-sensitive.
NOTE * If you install FMTOOLS for NETWORK only, then just mkfm and the library are installed.
If you install FMTOOLS for PCI, then mkfm and the library along with ctfm and fmrecover are installed.
If you install FMTOOLS for both NETWORK and PCIe devices, then all four elements are installed.
If you install the FM SDK, the Luna SDK is installed as well, to satisfy dependencies.
Options for addlocal= are separated by spaces. Device and feature values are separated by commas, with no spaces, unless the whole list is enclosed between quotation marks. If a space is encountered, outside of paired quotation marks, the next item found is treated as a command option.
Installing all components and features
Subsequent sections detail how to install the Luna HSM Client software, drivers (if necessary), and optional features (like Java support and the SDK), for individual HSMs. This section describes how to install everything at once, so that all Luna HSMs
Use the ADDLOCAL= option together with the value all to install the base client software and the drivers for all Luna devices, along with all the features.
To install the Luna HSM Client software and drivers for all Luna devices and all features
From the location of LunaHSMClient.exe run the following command:
> Install the full Luna HSM Client software with drivers for all Luna HSMs (Network HSM (no driver), PCIe HSM, Backup HSM
LunaHSMClient.exe /install /quiet ADDLOCAL=all
NOTE You can omit the /quiet option to see all options in the GUI dialog.
> [Optional logging] Install the full Luna HSM Client software with drivers for all Luna HSMs (Network HSM (no driver), PCIe HSM, Backup HSM
LunaHSMClient.exe /install /log install.log /quiet ADDLOCAL=all
NOTE The setting /log is optional and saves the installation logs to the file named install.log in the example. The install.log file (whatever name you give it) is required only if troubleshooting an issue with Technical Support.
Installing the Luna HSM Client for the Luna Network HSM
Use the ADDLOCAL=NETWORK option to install the base client software for the Luna Network HSM. Include the values for any optional, individual software components you desire. The base software must be installed first.
To install the Luna HSM Client for the Luna Network HSM
From the location of LunaHSMClient.exe run one of the following commands:
> Install the base Luna HSM Client software necessary to communicate with Luna Network HSM
LunaHSMClient.exe /install /quiet ADDLOCAL=NETWORK
>[Optional] Install the base Luna HSM Client software and any of the optional components for the Luna Network HSM that you desire:
For example, the following command installs the base software and all of the optional components:
LunaHSMClient.exe /install /quiet ADDLOCAL=NETWORK,CSP_KSP,JSP,SDK,JCProv
If you wish to install only some of the components, just specify the ones you want after the product name (NETWORK in this example).
Installing the Luna HSM Client for the Luna PCIe HSM
Use the ADDLOCAL=PCI option to install the base client software for the Luna PCIe HSM. Include any features you desire. The base software must be installed first.
To install the Luna HSM Client for the Luna PCIe HSM
From the location of LunaHSMClient.exe run one of the following commands:
> Install the base Luna HSM Client software for Luna PCIe HSM
LunaHSMClient.exe /install /quiet ADDLOCAL=PCI
>Install the base Luna HSM Client software and any of the optional features for the Luna PCIe HSM that you desire:
For example, the following command installs the base software and all of the optional components:
LunaHSMClient.exe /install /quiet ADDLOCAL=PCI,CSP_KSP,JSP,SDK,JCProv,SNMP
If you wish to install only some of the components, just specify the ones you want after the product name (PCI in this example).
Installing the Luna HSM Client for the Luna USB HSM
Use the ADDLOCAL=USB option to install the base client software for the Luna USB HSM. Include any features you desire. The base software must be installed first.
To install the Luna HSM Client for the Luna USB HSM
From the location of LunaHSMClient.exe run one of the following commands:
> Install for Luna USB HSM
LunaHSMClient.exe /install /quiet ADDLOCAL=USB
>Install the base Luna HSM Client software and any of the optional features for the Luna USB HSM that you desire:
For example, the following command installs the base software and all of the optional components:
LunaHSMClient.exe /install /quiet ADDLOCAL=USB,CSP_KSP,JSP,SDK,JCProv,SNMP
If you wish to install only some of the components, just specify the ones you want after the product name (USB in this example).
Installing the Luna HSM Client for the Luna Backup HSM
Use the ADDLOCAL=BACKUP option to install the base client software for the Luna Backup HSM, and the optional feature, if desired. For the Backup HSM, which performs backup and restore operations and is not enabled for use with cryptographic applications, the feature you might add is SNMP, if applicable in your environment.
To install the Luna HSM Client for the Luna Backup HSM
From the location of LunaHSMClient.exe run one of the following commands:
> Install the base Luna HSM Client software for Luna Backup HSM
LunaHSMClient.exe /install /quiet /norestart ADDLOCAL=BACKUP
>Install the base Luna HSM Client software and an optional component for the Luna Backup HSM:
For example, the following command installs the base software and the optional component:
LunaHSMClient.exe /install /quiet /norestart ADDLOCAL=backup,snmp
Installing the Luna HSM Client for Remote PED
Use the ADDLOCAL= option with component value PEDto install the client software for the Luna Backup HSM.
To install the Luna HSM Client for the Luna Backup HSM
>From the location of LunaHSMClient.exe run the following command:
LunaHSMClient.exe /install /quiet addlocal=ped
Installation Location
Specify the installation location, if the default location is not suitable for your situation.
This applies to installation of any Luna Device. Provide the INSTALLDIR= option, along with a fully qualified path to the desired target location. For example:
LunaHSMClient.exe /install /quiet addlocal=all installdir=c:\lunaclient
That command silently installs all of the Luna device software and features to the folder c:\lunaclient (in this example). The software is installed into the same subdirectories per component and feature, under that named folder, as would be the case if INSTALLDIR was not provided. That is, INSTALLDIR changes the prefix or primary client installation folder to the one you specify, and the libraries, devices, tools, certificate folders, etc. are installed in their predetermined relationship, but under the new main folder location.
Logging
If problems are encountered during installation or uninstallation of the software and you wish to determine the reason, or if Thales Technical Support has requested you to do so, detailed logs can be generated and captured by specifying the /log option and providing a filename to capture the log output. Two logs are generated – one according to the name given and the other similarly named, with a number appended. Both log files must be sent to Thales support if assistance is required.
Example commands that include logging are:
LunaHSMClient.exe /install /quiet /log install.log /norestart ADDLOCAL=backup,snmp
LunaHSMClient.exe /uninstall /quiet /log uninstall.log
Uninstalling the Luna HSM Client
You can also perform scripted/unattended uninstallation.
To uninstall the Luna HSM Client
>From the location of LunaHSMClient.exe run the following command:
LunaHSMClient.exe /uninstall /quiet
>To log the uninstallation process, run the following command:
LunaHSMClient.exe /uninstall /quiet /log uninstall.log