Customizing Partition Sizes

If you do not specify a size in bytes when creating a partition, LunaSH automatically assigns an equal share of the total HSM memory. For example, if you purchased a Luna Network HSM with 16 MB of memory and 10 partition licenses, each partition would have a default size of 1.6 MB. The basic allotment ensures that you can create all licensed partitions, each with enough space to hold at least one RSA key pair.

The maximum number of partitions depends on the model of Luna Network HSM you purchased. Your HSM can be upgraded with additional partition licenses if your desired configuration calls for them.

LunaSH allows you to customize the size of a partition for its intended purpose. You can choose the size when you create each partition, or you can re-size a partition later, even if it is already initialized. You must log in as HSM SO to re-size existing partitions.

>Creating a Custom-Sized Partition

>Re-sizing an Existing Partition

>Creating Multiple Equal Large Partitions

Prerequisites

Use lunash:> hsm show to see:

>Total HSM storage

>Current memory usage

>Current number of partitions

>Maximum number of partitions allowed

Use lunash:> partition list to see:

>All current application partitions

>Total storage allotted to each

>Total used and available storage on each partition

NOTE   Each partition requires 9648 bytes of memory to store security and identity information. Take this into account when creating very small specialized partitions (for example, a partition containing a single key pair for signing and verification).

Creating a Custom-Sized Partition

Use the following procedure to specify the size of a new application partition. You must be logged in as HSM SO to create new partitions.

To create a custom-sized partition

1. Connect to the appliance via SSH or a serial connection, and log in to LunaSH as admin or operator, or a custom user with an admin or operator role (see Logging In to LunaSH).

2. Log in to the HSM as HSM SO (see Logging In as HSM Security Officer).

3. Create the application partition, specifying the desired size in bytes. To use all remaining space on the HSM, specify -allfreestorage instead of -size.

Partition names created in LunaSH must be 1-32 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!@#$%^*()-_=+{}[]:,./?~
Spaces are allowed; enclose the partition name in double quotes if it includes spaces.
The following characters are not allowed: &\|;<>`'"?
No two partitions can have the same name.

lunash:> partition create -partition <name> [-size <size> | -allfreestorage]
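The following pre-flight check is an added example, not vendor code: it applies the naming rules and the 9648-byte overhead described on this page to a planned `partition create` request before it is typed into LunaSH. The function names are hypothetical. It assumes that the overhead is counted inside the partition size and that "?", which appears in both character lists above, is rejected.

```python
# Added example: pre-flight check for a planned `partition create` request.
PARTITION_OVERHEAD = 9648  # bytes per partition, from the NOTE in Prerequisites

# Allowed characters as listed on the page (includes the space character).
ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789"
              "!@#$%^*()-_=+{}[]:,./?~")
# Disallowed characters as listed on the page. "?" appears in both lists;
# rejecting it is this example's conservative assumption.
DISALLOWED = set("&\\|;<>`'\"?")


def check_name(name, existing_names):
    """Return a list of rule violations for a proposed partition name."""
    problems = []
    if not 1 <= len(name) <= 32:
        problems.append("name must be 1-32 characters")
    bad = sorted(c for c in set(name) if c in DISALLOWED or c not in ALLOWED)
    if bad:
        problems.append("characters not allowed: " + "".join(bad))
    if name in existing_names:
        problems.append("name already in use")
    return problems


def check_create(name, size, existing_names, free_bytes, object_bytes=0):
    """Validate a create request; size=None means -allfreestorage.

    Assumption: the 9648-byte overhead is counted inside the partition size,
    so a partition needs at least overhead + object_bytes.
    """
    problems = check_name(name, existing_names)
    granted = free_bytes if size is None else size
    if granted > free_bytes:
        problems.append("size exceeds free HSM storage")
    if granted < PARTITION_OVERHEAD + object_bytes:
        problems.append("size too small for overhead plus objects")
    return problems


def render_command(name, size=None):
    """Build the LunaSH command line, quoting names that contain spaces."""
    target = f'"{name}"' if " " in name else name
    sizing = "-allfreestorage" if size is None else f"-size {size}"
    return f"partition create -partition {target} {sizing}"
```

Take `existing_names` and `free_bytes` from the `partition list` and `hsm show` output described under Prerequisites.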

Re-sizing an Existing Partition

Use the following procedure to change the size of an existing application partition. You can change the size of any partition on the HSM, even if it is already initialized, as long as the space is available on the HSM and the target size is not less than the space used by the objects currently stored on the partition. You must be logged in as HSM SO to re-size partitions.

CAUTION!   Before you re-size a partition, back up the partition contents. If a partition is at or near capacity, it might be necessary to remove some objects before re-sizing. You may need to restore the partition from backup after it has been re-sized.

To re-size an existing partition

1. Connect to the appliance via SSH or a serial connection, and log in to LunaSH as admin or operator, or a custom user with an admin or operator role (see Logging In to LunaSH).

2. Log in to the HSM as HSM SO (see Logging In as HSM Security Officer).

3. Re-size the desired partition by specifying the partition name and the desired size in bytes. To use all remaining space on the HSM, specify -allfreestorage instead of -size.

lunash:> partition resize -partition <name> {-size <size> | -allfreestorage}

Creating Multiple Equal Large Partitions

You can use the re-sizing function to customize the space usage on the HSM. If you prefer to have all your partitions sized equally, and to let the HSM do the calculations, the following example might be useful. In this example, the HSM has 20 partition licenses.

To create four equal-size partitions, using all the available storage

1. Start by creating 20 partitions (the maximum allowed) – each will have X bytes available to it.

2. Delete 4 of them (leaving 16).

3. Re-size one partition to use -allfreestorage, which makes that partition as large as five small partitions – the four partitions you just deleted, freeing their allotment, plus the one you are currently resizing – and leaves the HSM with 15 partitions having X bytes each, plus the large one.

lunash:> partition resize -partition <name> -allfreestorage

4. Delete another four small partitions.

5. Re-size one small partition to use -allfreestorage, which makes that partition large (there are now two equally-sized large partitions) and leaves the HSM with 10 partitions having X bytes each, plus the two large ones.

6. Delete another four small partitions.

7. Re-size one small partition to use -allfreestorage, which makes that partition large (there are now three equally-sized large partitions) and leaves the HSM with 5 partitions having X bytes each, plus the three large ones.

8. Delete another four small partitions.

9. Re-size the single remaining small partition to use -allfreestorage, which makes that partition large and leaves 0 (zero) of the original partitions with X bytes each, and the four large partitions of equal size, with no unallocated space on the HSM.

This example uses conveniently round numbers. You might have a few bytes left over, or one partition slightly larger or smaller than the others, depending on the actual configuration of your HSM.
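The storage arithmetic of the procedure above can be checked with a small model. This is an added example, not vendor code; the class and function names are hypothetical, and the storage totals used to exercise it are constructed. It assumes the default allotment is the total storage divided by the number of licenses, rounded down, and that -allfreestorage adds all unallocated space to the partition's current size.

```python
# Added example: model of the delete-then-resize procedure (not vendor code).
class HsmModel:
    """Tracks partition sizes in bytes against a fixed storage total."""

    def __init__(self, total_bytes, licenses):
        self.total, self.licenses = total_bytes, licenses
        self.partitions = {}

    @property
    def free(self):
        return self.total - sum(self.partitions.values())

    def create(self, name):
        # Assumption: the default allotment is floor(total / licenses).
        if len(self.partitions) >= self.licenses:
            raise ValueError("no partition licenses left")
        self.partitions[name] = self.total // self.licenses

    def delete(self, name):
        del self.partitions[name]

    def resize_allfreestorage(self, name):
        # Assumption: the partition keeps its size and absorbs all free space.
        self.partitions[name] += self.free


def equal_large_partitions(total_bytes, licenses=20, wanted=4):
    """Run the steps above; return (large partition sizes, unallocated bytes)."""
    if licenses % wanted:
        raise ValueError("licenses must divide evenly into the wanted count")
    hsm = HsmModel(total_bytes, licenses)
    small = [f"p{i:02d}" for i in range(licenses)]
    for name in small:
        hsm.create(name)
    large = []
    per_group = licenses // wanted
    while small:
        for _ in range(per_group - 1):   # delete small partitions (four on this page)
            hsm.delete(small.pop())
        keeper = small.pop()             # re-size one with -allfreestorage
        hsm.resize_allfreestorage(keeper)
        large.append(hsm.partitions[keeper])
    return large, hsm.free
```

With a total that divides evenly by 20 the four results are identical; with a constructed total of 16777216 bytes the first large partition ends up 16 bytes larger than the other three, which is the leftover effect the closing paragraph describes.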