Installation for Network Mode
To operate in network mode, a SafeNet high-level cryptographic API such as SafeNet ProtectToolkit-C requires that the ProtectServer Network HSM Access Provider be installed. See Operating Modes and Access Providers for more about network mode.
The ProtectServer Network HSM Access Provider package (PTKnethsm) must be installed on the client machine along with the API. This chapter provides installation instructions for Windows operating systems. For Linux installation, see Using the Unix Installation Utility.
>Network Mode Client Configuration Items
Windows Installation
Before following the procedure below, ensure you are logged in as a member of the Windows administrator group.
Upgrading
If you are upgrading the access provider, you must uninstall any previous version by using the Windows Programs and Features control panel before proceeding. The latest versions of the client software and HSM firmware can be found on the Thales Technical Support Customer Portal. See Support Contacts for more information.
CAUTION! If uninstallation is not carried out first, the system may lock up. See Troubleshooting for recovery instructions.
To install the ProtectServer Network HSM Access Provider
1.Unpack the .tar archive and execute the file PTKnethsm.msi.
2.Work through the installation wizard to complete the installation.
By default, the ProtectServer Network HSM Access Provider package is installed in the following directory:
\Program Files\SafeNet\Protect Toolkit 5\Network HSM
A prompt during the installation allows you to change the default destination. Unless there is good reason, the default should be accepted.
3.When the command window below is displayed, specify the hostname or IP address of slots on one or more HSMs on the network, separated by single spaces. The server listening port is 12396. If you do not enter a configuration string, the default server Localhost is used. This setting can be used for testing purposes, to simulate access to HSM slots across a network when the HSM is in fact located in the local (client) machine.
The server configuration string is stored in the Windows registry as a configuration item (ET_HSM_NETCLIENT_SERVERLIST). After installation, change this configuration item’s value to permanently change server details. To change server details temporarily, use an environment variable to override the registry setting.
For more information about configuration items, see Configuration Items.
To verify the installation
From a command prompt, type hsmstate to execute the hsmstate utility. If the Network HSM is correctly configured, the following will be returned:
HSM device 0: HSM in NORMAL MODE. RESPONDING. Usage Level=0%
You should see a response entry for each configured device slot. For more information about the hsmstate utility, refer to the section in Utilities Command Reference.