Installing the ProtectServer Network HSM Plus Hardware

This section provides basic hardware installation instructions (mounting in a rack, connecting cables, etc.). The ProtectServer Network HSM Plus appliance comes with front brackets and side-rails and sliders for the rear brackets, packed separately in the carton.

Installation Notes

1.Any computer that is to act as a client to the ProtectServer Network HSM Plus appliance must have the Client software installed. Windows users should log in to your computer as a user with Administrator privileges.

2.A computer that is to be used only for administering the ProtectServer Network HSM Plus does not need the Client software – only an SSH client such as the PuTTY program that we have provided for Windows, or the SSH utilities that come standard with most Linux and UNIX platforms.

3.Both tasks (Client, and administration) can be performed on a single computer, but in normal practice they are often separate tasks for separate computers.

Installing the ProtectServer Network HSM Plus Hardware

You can optionally install the brackets if they suit your equipment rack. The front brackets can be installed with their tabs forward (for flush-mount of the appliance) or reversed, to allow the front of the appliance to stand out from the rack. The rear brackets install in either direction – as appropriate for your rack post spacing – with the brackets simply sliding into the rails on each side of the appliance.

The supplied brackets are designed and intended for 4-point support of the appliance, in racks with rear-post depth up to 22 inches.

CAUTION!   Do not attempt to mount the appliance using only the front brackets – damage can occur.

To install the ProtectServer Network HSM Plus hardware

1.Install and adjust rails and brackets to suit your equipment rack

 

2.Mount the appliance in your equipment rack. Alternatively, ignore the rails and mounting tabs, and rest the ProtectServer Network HSM Plus appliance on a mounting tray or shelf suitable for your specific style and brand of equipment rack.

CAUTION!    Support the weight of the appliance until all four brackets are secured.

3.Insert the power (a) and network (b) cables at the rear panel.

The ProtectServer Network HSM Plus is equipped with two NICs (eth0 and eth1) incorporating an IPv4/IPv6 dual stack, allowing you to configure both an IPv4 and IPv6 address on each interface. If you intend to use both NICs, connect Ethernet cables to both LAN connectors.

For proper redundancy and best reliability, the power cables should connect to two independent power sources.

4.Press and release the Start/Stop switch, on the rear panel.

5.Connect a terminal to the serial connector on the front panel.

6.If you have already installed SafeNet ProtectToolkit client software, refer to the SafeNet ProtectToolkit-C Administration Guide.

Smart Card Reader Installation

The unit supports the use of smart cards with a SafeNet-supplied smart card reader. Other smart card readers are not supported.

The SafeNet ProtectServer Network HSM Plus supports two different card readers:

>the new USB card reader (introduced in 5.2)

>the legacy card reader, which provides a serial interface for data (via a USB-to-serial cable) and a PS/2 interface for power (direct or via a PS/2 to USB adapter)

Installing the USB smart card reader

To install the USB card reader, simply plug the card reader into the HSM USB port on the back of the device, as illustrated below.

Installing the legacy card reader

To install the smart card reader, connect it to the HSM USB port with the included USB-to-serial cable.

The legacy card reader must also be connected to a PS/2 port for its power. Many newer servers have USB ports, but do not provide a PS/2 connection.

If there is no available PS/2 connection, there are two options:

>Connect a PS/2-to-USB adapter between the card reader and a USB port on the SafeNet ProtectServer Network HSM Plus.

>If, for security reasons, you prefer to not expose USB ports on your crypto server, connect a PS/2-to-USB adapter cable between the card reader and a standalone powered USB hub.

NOTE   The USB connection is for power only. No data transfer occurs over this connection.

Next, see Testing and Configuration.


Customer Support Portal

SafeNet ProtectToolkit 5.9 Product Documentation  06 January 2020  Copyright 2009-2020 Thales. All rights reserved.