Product Overview

The SafeNet ProtectServer Network HSM is a self-contained, security-hardened server providing hardware-based cryptographic functionality through a TCP/IP network connection. Together with high-level SafeNet application programming interface (API) software, it provides cryptographic services for a wide range of secure applications.

The SafeNet ProtectServer Network HSM is PC-based. The enclosure is a heavy-duty steel case with common PC ports and controls. Necessary software components come pre-installed on a Linux operating system. Network setting configuration is required, as described in this document.

The full range of cryptographic services required by Public Key Infrastructure (PKI) users is supported by the SafeNet ProtectServer Network HSM’s dedicated hardware cryptographic accelerator. These services include encryption, decryption, signature generation and verification, and key management with tamper-resistant, battery-backed key storage.

The SafeNet ProtectServer Network HSM must be used with one of SafeNet’s high-level cryptographic APIs. The following table shows the provider types and their corresponding SafeNet APIs:

API                     SafeNet Product Required
PKCS #11                SafeNet ProtectToolkit-C
JCA / JCE               SafeNet ProtectToolkit-J
Microsoft IIS and CA    SafeNet ProtectToolkit-M

These APIs interface directly with the product’s FIPS 140-2 Level 3 certified core using high-speed DES and RSA hardware-based cryptographic processing. Key storage is tamper-resistant and battery-backed.

A smart card reader, supplied with the HSM, allows for the secure loading and backup of keys.

Front panel view

The features on the front panel of the SafeNet ProtectServer Network HSM are illustrated below:

Figure 1: SafeNet ProtectServer Network HSM front panel

Ports

The front panel is equipped with the following ports:

VGA           Connects a VGA monitor to the appliance.
Console       Provides console access to the appliance. See Testing and Configuration.
USB           Connects USB devices such as a keyboard or mouse to the appliance.
eth0, eth1    Autosensing 10/100/1000 Mb/s Ethernet RJ45 ports for connecting the appliance to the network.
HSM USB       Connects a smart card reader to the appliance using the included USB-to-serial cable.

HSM serial port pin configuration

The serial port on the USB-to-serial cable, illustrated below, uses a standard RS232 male DB9 pinout:

Figure 2: HSM serial port pinout

LEDs

The front panel is equipped with the following LEDs:

Power     Illuminates green to indicate that the unit is powered on.
HDD       Flashes amber to indicate hard disk activity.
Status    Flashes green on startup.

Reset button

The reset button is located between the USB and Ethernet ports. Pressing the reset button forces an immediate restart of the appliance. Although it does not power off the appliance, it does restart the software. Pressing the reset button is service-affecting and is not recommended under normal operating conditions.

Rear panel view

The features on the rear panel of the SafeNet ProtectServer Network HSM are illustrated below:

Figure 3: SafeNet ProtectServer Network HSM rear panel


Tamper lock

The tamper lock is used during commissioning or decommissioning of the appliance to destroy any keys currently stored on the HSM.

With the key in the horizontal (Active) position, the HSM is in normal operating mode. Turning the key to the vertical (Tamper) position places the HSM in a tamper state, and any keys stored on the HSM are destroyed.

CAUTION! Turning the tamper key from the Active position to the Tamper position deletes any keys currently stored on the HSM. Deleted keys are not recoverable. Ensure that you always back up your keys. To avoid accidentally deleting the keys on an operational SafeNet ProtectServer Network HSM, remove the tamper key after commissioning and store it in a safe place.