Network Mode Setup using a SafeNet PCIe HSM Adapter

If a PCIe adapter is used as a network HSM, SafeNet HSM Net Server software must be installed on the same machine.

Figure 1: Network Mode using a SafeNet ProtectServer adapter

To set up a SafeNet PCIe adapter in Network Mode

1.Install the SafeNet adapter card in the server machine.

Please consult the relevant installation manual, such as the SafeNet ProtectServer PCIe HSM Installation Guide.

2.Install the necessary third-party software on the server machine.

Install the Java runtime, .NET (Windows only) and MSCV (Windows only) software. See System Requirements.

3.Install the SafeNet PCIe HSM Access Provider software package on the server machine.

The SafeNet PCI HSM Access Provider software package (file name: PTKpcihsm2) contains the device driver for a compatible, locally-installed SafeNet cryptographic services adapter such as the ProtectServer.

For more information on installing the access provider, see Installation for PCIe Mode.

4.Install the Net Server software package on the server machine.

When using a SafeNet ProtectServer PCIe HSM in network mode, the SafeNet HSM Net Server package (filename: PTKnetsvr) must be installed in the server-side machine with the HSM adapter. For details, consult the section relevant to your system:

For Windows operating systems, see PCIe Server Configuration for Network Mode

For Linux operating systems, see Using the Unix Installation Utility.

5.Make any necessary configuration changes on the server machine.

Configuration changes can be made on a temporary, user, or system level. See Configuration Items for details. For a list of configurable items, see Network Mode Server Configuration Items.

6.Install the necessary third-party software on the client machine.

Install the Java runtime, .NET (Windows only) and MSCV (Windows only) software. See System Requirements.

7.Install the SafeNet Network HSM Access Provider software package on the client machine.

The SafeNet Network HSM Access Provider software package (filename: PTKnethsm) must be installed with the high-level cryptographic API on the client-side machine. The software package includes the Net Client software required for SafeNet hardware devices to provide cryptographic services over a TCP/IP network.

For more information on installing and configuring the access provider, consult the section relevant to your system.

For Windows operating systems, see Installation for Network Mode.

For Linux operating systems, see Using the Unix Installation Utility.

8.Make any necessary configuration changes on the client machine.

See Configuration Items for details. For a list of configurable items, see Network Mode Client Configuration Items.

9.Install the SafeNet high-level cryptographic API on the client machine and confirm correct operation of the hardware.

Refer to the relevant installation guide provided with the API:

SafeNet ProtectToolkit-C Administration Guide

SafeNet ProtectToolkit-J Installation Guide

SafeNet ProtectToolkit-M User Guide

10.Configure the API as necessary.

This may include tasks such as:

establishing a trusted channel or secure messaging system (SMS) between the API and the networked HSM server

establishing network communication between the client and one or more servers on the same network

See the relevant installation/administration guide for details.


Customer Support Portal

SafeNet ProtectToolkit 5.7 Product Documentation  08 January 2020  Copyright 2009-2020 Gemalto. All rights reserved.