Operation in HA Mode

To operate SafeNet ProtectToolkit-C in HA Mode, the Cryptoki Library keeps track of the commands sent to a session. In case of session failure, SafeNet ProtectToolkit-C will re-establish a new session by replaying these commands.

SafeNet ProtectToolkit-C provides the following functions in HA mode:

>Detects that a session has terminated because of HSM failure and automatically establishes a new session on a functioning HSM

>After an HSM failure is detected, periodically attempts to bring the affected HSM back online

>Restarts an object search at the point of failure

>Restarts an Encrypt, Decrypt, Sign, Verify, SignRecover, VerifyRecover and Digest operation and replays the Update operations (up to a certain data length limit)

>Creates a log entry to note significant events

>Recovers session objects created by:

C_CopyObject

C_DeriveKey

C_UnwrapKey

C_GenerateKey *

C_GenerateKeyPair *

NOTE   Randomly-generated keys cannot be recovered if they are lost after they have been used in a cryptographic operation (otherwise, inconsistent results may be generated).

The environment variable ET_PTKC_GENERAL_LIBRARY_MODE specifies the Cryptoki Library operating mode. This variable controls which PKCS #11 model is applied to slot and token usage (see Work Load Distribution Model and High Availability).

Valid values for this variable are NORMAL or WLD or HA. If this variable is not defined, or contains an invalid value, then SafeNet ProtectToolkit-C will operate in NORMAL PKCS #11 mode.

The environment variable ET_PTKC_HA_RECOVER_DELAY defines the time (in minutes) the system will wait after an HSM failure before attempting reconnection to the failed HSM. If the value is zero, reconnection is not attempted.

The environment variable ET_PTKC_HA_RECOVER_WAIT allows the system to poll and attempt recovery if an HSM has failed. Valid values for this variable are YES or NO, valid only if the HA feature is enabled (ET_PTKC_GENERAL_LIBRARY_MODE=HA).

Example

To configure a basic HA system across two SafeNet ProtectServer Network HSMs with IP addresses 192.168.1.100 and 192.168.1.101, where the participating tokens are labeled "TokName", set these configuration items (see Configuration Items):

ET_PTKC_WLD_SLOT_0=TokName
ET_PTKC_GENERAL_LIBRARY_MODE=HA
ET_PTKC_HA_RECOVER_DELAY=120
ET_PTKC_HA_RECOVER_WAIT=YES

HA Mode Logging

When the library is operating in HA mode it will generate log messages on certain events.

Configuration Name

Possible Values

ET_PTKC_HA_LOG_FILE

Log filename:

Windows: c:\ptk_halog.log

Linux: /ptk_halog.log

For example,

ET_PTKC_HA_LOG_FILE=C:\temp\ha_log.log (Windows) or

ET_PTKC_HA_LOG_FILE=/tmp/hsm_log.log (Unix)

ET_PTKC_HA_LOG_NAME

Application name – default ptk_cryptoki

The HA feature will generate the following log messages.

Message

Type

Meaning

Session potentially not recoverable: <desc>

Warning

Application has performed an operation that makes the session unrecoverable. The <desc> field will describe the type of operation. Only one message of this type is generated per C_Initialize/C_Finalize session.

HSM Failure detected hsmIdx=<>, hsmSlotId=<>

Error

A session has failed due to an HSM failure and the HA has attempted a session recovery. The hsmIdx is the zero-based index of the failing HSM, as specified by the ET_HSM_NETCLIENT_SERVERLIST or in the order the SafeNet ProtectServer Network HSMs are detected. This is the same order reported by hsmstate utility.

Found HSM Dead:HSM  Failed

Error

This message is generated only when ET_PTKC_HA_RECOVER_DELAY and ET_PTKC_HA_RECOVER_WAIT are enabled.

It indicates that the library has seen an HSM fail and is holding off all application threads while it attempts to recover the lost HSM.