Network Mode Setup using a SafeNet PCIe HSM Adapter
If a PCIe adapter is used as a network HSM, SafeNet HSM Net Server software must be installed on the same machine.
Figure 1: Network Mode using a SafeNet ProtectServer adapter
To set up a SafeNet PCIe adapter in Network Mode
1.Install the SafeNet adapter card in the server machine.
Please consult the relevant installation manual, such as the SafeNet ProtectServer PCIe HSM Installation Guide.
2.Install the necessary third-party software on the server machine.
Install the Java runtime, .NET (Windows only) and MSCV (Windows only) software. See System Requirements.
3.Install the SafeNet PCIe HSM Access Provider software package on the server machine.
The SafeNet PCI HSM Access Provider software package (file name: PTKpcihsm2) contains the device driver for a compatible, locally-installed SafeNet cryptographic services adapter such as the ProtectServer.
For more information on installing the access provider, see Installation for PCIe Mode.
4.Install the Net Server software package on the server machine.
When using a SafeNet ProtectServer PCIe HSM in network mode, the SafeNet HSM Net Server package (filename: PTKnetsvr) must be installed in the server-side machine with the HSM adapter. For details, consult the section relevant to your system:
•For Windows operating systems, see PCIe Server Configuration for Network Mode
•For Linux operating systems, see Using the Unix Installation Utility.
5.Make any necessary configuration changes on the server machine.
Configuration changes can be made on a temporary, user, or system level. See Configuration Items for details. For a list of configurable items, see Network Mode Server Configuration Items.
6.Install the necessary third-party software on the client machine.
Install the Java runtime, .NET (Windows only) and MSCV (Windows only) software. See System Requirements.
7.Install the SafeNet Network HSM Access Provider software package on the client machine.
The SafeNet Network HSM Access Provider software package (filename: PTKnethsm) must be installed with the high-level cryptographic API on the client-side machine. The software package includes the Net Client software required for SafeNet hardware devices to provide cryptographic services over a TCP/IP network.
For more information on installing and configuring the access provider, consult the section relevant to your system.
•For Windows operating systems, see Installation for Network Mode.
•For Linux operating systems, see Using the Unix Installation Utility.
8.Make any necessary configuration changes on the client machine.
See Configuration Items for details. For a list of configurable items, see Network Mode Client Configuration Items.
9.Install the SafeNet high-level cryptographic API on the client machine and confirm correct operation of the hardware.
Refer to the relevant installation guide provided with the API:
•SafeNet ProtectToolkit-C Administration Guide
•SafeNet ProtectToolkit-J Installation Guide
•SafeNet ProtectToolkit-M User Guide
10.Configure the API as necessary.
This may include tasks such as:
•establishing a trusted channel or secure messaging system (SMS) between the API and the networked HSM server
•establishing network communication between the client and one or more servers on the same network
See the relevant installation/administration guide for details.