Configuring PED Timeout Settings
You can configure the PED timeout settings for your Remote PED connection. This is useful in the following situations:
>You would like to improve workflows for your HSM roles or enhance the security of your multifactor quorum-authenticated Luna PCIe HSM 7 deployment by increasing or decreasing the duration of PED inactivity that can elapse until the PED connection breaks.
>You are using a quorum (M of N split-secret) authentication scheme for your HSM roles and need to increase the time that is available for each required user to present their PED key. For more information about this authentication scheme, refer to Quorum Split Secrets (M of N).
>You are updating to Luna HSM Firmware 7.7.0 or newer and need to increase the time that is available migrate all your pre-existing orange PED keys. For more information about this migration procedure, refer to Migrating Existing Orange Remote PED keys.
Configuring PED Inactivity Timeout
You can increase or decrease the number of seconds of PED inactivity that can elapse before the PED connection breaks. PEDserver and PEDclient both have configurable timeout settings, but the utility that uses the briefer value determines the actual timeout duration.
To configure PED inactivity timeout, run
After configuration, you can verify that the PED inactivity timeout duration has changed by running
Configuring PED key Interaction Timeout
You can set the amount of time that can elapse without completing PED key requests, before the PED key request ends and must be repeated.
Estimate your actual settings based on the number of keys you are migrating.
To configure PED key interaction timeout,
Configuring Luna PED Operation Timeout
You can set the amount of time that can elapse without completing a Luna PED operation request, before the PED operation ends and must be repeated.
To configure PED key interaction timeout,
