ProtectServer PCIe 2 Installation
Follow these general steps to install and commission a ProtectServer PCIe 2 card and its associated software. More detailed instructions are provided in the following sections.
To install and commission a ProtectServer PCIe 2 card
1.Ensure you have all the necessary components on the list provided. For more information, see Adapter Features.
2.Move the battery jumper from the OFF position to the ON position (see The Battery Jumper Header).
3.If you plan to use an external tamper detector, ensure that it has a two-conductor cable compatible with the tamper-detect connector on the SafeNet adapter (detailed in Adapter Modification for External Tamper Detectors).
4.Install the ProtectServer PCIe 2 card in the host computer system. See Installing the Adapter.
5.Install the ProtectServer HSM Access Provider package and confirm that the adapter and driver are working correctly. See ProtectServer HSM Access Provider Installation.
6.Install the smart card reader if provided, or another serial device. See Smart Card Reader Installation.
7.Install the SafeNet application programming interface (API) or the supplied net server software. See Completing Installation.
Adapter Features
The ProtectServer PCIe 2 is a standard PCIe device that fits into any motherboard PCIe slot of formats x4, x8, or x16.
The Card Faceplate
The card faceplate has two ports:
The MDSM Connector
The micro-D subminiature (MDSM) connector is not used.
The USB Port
The USB port connects a serial device, such as a smart card reader, to the card with the included USB-to-serial adapter.
The Rear Face
The battery and a series of jumper headers are located on the rear face of the card.
The Battery
The battery maintains the internal flash memory.
You can use the ctcheck -b batterystatus command to test the battery's condition. If the battery status is reported as LOW, back up the keys on the HSM and return the HSM to your nearest Thales service centre for battery/HSM replacement. For more information about returning an HSM back to Thales, refer to RMA and Shipping Back to Thales .
CAUTION! Do not attempt to disconnect the battery. Disconnecting the battery will shut down the HSM and trigger a tamper event, which will erase all key material on the HSM.
The Battery Jumper Header
The battery jumper is a three-pin jumper used to engage or disengage the battery.
The battery is in the ON position when a jumper is inserted on the center and left pins, as shown in ProtectServer PCIe 2 Installation.
The battery is in the OFF position when a jumper is inserted on the center and right pins. This setting is not required for normal operation.
CAUTION! Do not change the jumper setting unless instructed by Thales support.
The Decommission Jumper Header
This header is currently unused; do not change its default setting (open).
The Tamper-Input Header
The tamper-input header connects an external tamper device to the card. By default, it has a jumper in place across both pins. To use an external tamper device, run a two-wire cable to your chassis-tamper switch or similar device to open the circuit in the case of a tamper event.
The Polarity Jumper Header
The polarity jumper header is used to configure the card's operating mode. Do not change this jumper setting.
Installing the Adapter
The adapter is a PCI Express Specification 1.1-compliant device. It can be fitted in any spare PCIe slot on the motherboard of formats x4, x8, or x16. If necessary, please consult the documentation accompanying your host system motherboard to find the PCIe slots.
If you are using a tamper-detection device, route the cable to it before closing the computer cover.
ProtectServer HSM Access Provider Installation
After successful installation of the adapter:
1.Install the ProtectServer HSM Access Provider package (PTKpcihsmK6).
2.Confirm the adapter and driver package are operating correctly.
These steps are covered in detail, for both Windows and Unix/Linux systems, in ProtectToolkit Software Installation.
Smart Card Reader Installation
The ProtectServer PCIe 2 supports the use of smart cards with a SafeNet-supplied smart card reader. Readers not supplied by Thales are unsupported.
The ProtectServer PCIe 2 supports two different card readers:
>the new USB card reader (introduced in 5.2)
>the legacy card reader, which provides a serial interface for data (via a USB-to-serial cable) and a PS/2 interface for power (direct or via a PS/2 to USB adapter)
Installing the USB smart card reader
To install the USB card reader, simply plug the card reader into the HSM USB port.
Installing the legacy card reader
To install the smart card reader, use the included USB-to-serial cable to connect it to the HSM USB port on the card faceplate as shown in The connected legacy card reader (The illustration shows the card reader connected to a ProtectServer External 2).
The legacy card reader must also be connected to a PS/2 port for power. Many newer servers have USB ports, but do not provide a PS/2 connection.
The options are:
>Use a PS/2-to-USB adapter (pink) to connect the card reader to a USB port on the host computer.
>If you prefer not to expose USB ports on your crypto server (for security reasons), use a PS/2-to-USB adapter to connect the card reader to a standalone powered USB hub.
The USB connection is for power only. No data transfer occurs.
Figure 1: The connected legacy card reader
Completing Installation
After you have installed the ProtectServer HSM Access Provider, install the supplied SafeNet API or net server software. For more information about installing ProtectToolkit, see ProtectToolkit Software Installation.