Network Mode Setup using a SafeNet Network HSM
In network mode, the application and API are located remotely from the HSM across a network.
Figure 1: Network Mode using a SafeNet Network HSM
To set up a SafeNet Network HSM with a client in Network Mode
1.Install the SafeNet HSM on the same network as the client machine and verify its availability on the network.
This includes assigning an IP address, hostname, gateway, and access control. Consult the relevant installation manual:
•SafeNet ProtectServer PCIe HSM Installation Guide
•SafeNet ProtectServer Network HSM Installation/Configuration Guide
2.Install the necessary third-party software on the client machine.
Install the Java runtime, .NET (Windows only) and MSCV (Windows only) software. See System Requirements.
3.Install the SafeNet Network HSM Access Provider software package on the client machine.
The SafeNet Network HSM Access Provider software package (filename: PTKnethsm) must be installed with the high-level cryptographic API on the client-side machine. The software package includes the Net Client software required for SafeNet hardware devices to provide cryptographic services over a TCP/IP network.
For more information on installing the access provider, consult the section relevant to your system in Installation for Network Mode
4.Make any necessary configuration changes to the access provider.
Configuration changes can be made on a temporary, user, or system level. See Configuration Items for details. For a list of configurable items, see Network Mode Client Configuration Items.
5.Install the SafeNet high-level cryptographic API on the client machine and confirm correct operation of the hardware.
Refer to the relevant installation guide provided with the API:
•SafeNet ProtectToolkit-C Administration Guide
•SafeNet ProtectToolkit-J Installation Guide
•SafeNet ProtectToolkit-M User Guide
6.Configure the API as necessary.
This may include tasks such as:
•establishing a trusted channel or secure messaging system (SMS) between the API and the Network HSM
•establishing network communication between the client and one or more servers on the same network
See the relevant installation/administration guide for details.