High Availability Group Status

Two Luna extensions to the PKCS#11 standard allow query of the HA group state.

CA_GetHAState

Get the status of the HA group. This function calls each group member one at a time. Deprecated in Luna HSM Client 10.7.0 and newer; use High Availability Group Status instead for improved performance.

CA_GetHAState(CK_SLOT_ID      slotId, 
              CK_HA_STATE_PTR pState);

I/O	Argument	Description
In	slotId	The virtual slot number of the HA group.
Out	pState	The reported state of the HA group, as defined by the following structure: typedef struct CK_HA_MEMBER{ CK_CHAR memberSerial[16]; CK_RV memberStatus; }CK_HA_MEMBER; typedef struct CK_HA_STATUS{ CK_CHAR groupSerial[16]; CK_HA_MEMBER memberList[32]; CK_ULONG listSize; }CK_HA_STATUS; typedef CK_HA_MEMBER CK_POINTER CK_HA_MEMBER_PTR; typedef CK_HA_STATUS CK_POINTER CK_HA_STATE_PTR; Returns: >groupSerial: The 16-byte serial number of the HA group. >memberList: Array of information on up to 32 HA member partitions as follows: •memberSerial: The 16-byte serial number of the member partition. •memberStatus: The status of the member. >listSize: The length of the memberList array.

I/O

Argument

Description

slotId

The virtual slot number of the HA group.

Out

pState

The reported state of the HA group, as defined by the following structure:

typedef struct CK_HA_MEMBER{
   CK_CHAR     memberSerial[16];
   CK_RV       memberStatus;
}CK_HA_MEMBER;

typedef struct CK_HA_STATUS{
   CK_CHAR       groupSerial[16];
   CK_HA_MEMBER   memberList[32];
   CK_ULONG      listSize;
}CK_HA_STATUS;

typedef CK_HA_MEMBER CK_POINTER CK_HA_MEMBER_PTR;

typedef CK_HA_STATUS  CK_POINTER CK_HA_STATE_PTR;

Returns:

>groupSerial: The 16-byte serial number of the HA group.

>memberList: Array of information on up to 32 HA member partitions as follows:

•memberSerial: The 16-byte serial number of the member partition.

•memberStatus: The status of the member.

>listSize: The length of the memberList array.

CA_GetCurrentHAState

Get HA status from the application perspective. Same functional behavior as High Availability Group Status, but uses parallel checks of members, avoids delays once a peer is found unreachable, and returns all member statuses within 3 seconds. The 3-second return is expected to be achievable for an HA group up to 32 members and is verified in laboratory conditions, when not affected by appliance CPU, memory, network, or HSM bottlenecks that are outside the control of the cryptographic module and its host.

Any failed member statuses are returned following the configured timeout. Timeout defaults to 3 seconds for the check of all group members, but can be set as high as 60 seconds by the statusTimeout configuration option in the HAConfiguration section of the Chrystoki.conf / crystoki.ini file.

NOTE This feature includes internal fail-safes to avoid race conditions, but invocation from an outside application must be threadsafe.

Requires minimum Luna HSM Client 10.7.0. For older client versions, use High Availability Group Status.

CA_GetCurrentHAState(CK_SLOT_ID      slotId, 
                     CK_HA_STATE_PTR pState);

I/O	Argument	Description
In	slotId	The slot number.
Out	pState	The reported state of the HA group, as defined by the following structure: typedef struct CK_HA_MEMBER{ CK_CHAR memberSerial[16]; CK_RV memberStatus; }CK_HA_MEMBER; typedef struct CK_HA_STATUS{ CK_CHAR groupSerial[16]; CK_HA_MEMBER memberList[32]; CK_ULONG listSize; }CK_HA_STATUS; typedef CK_HA_MEMBER CK_POINTER CK_HA_MEMBER_PTR; typedef CK_HA_STATUS CK_POINTER CK_HA_STATE_PTR; Returns: >groupSerial: The 16-byte serial number of the HA group. >memberList: Array of information on up to 32 HA member partitions as follows: •memberSerial: The 16-byte serial number of the member partition. •memberStatus: The status of the member. >listSize: The length of the memberList array.

I/O