SafeNet IDPrime Virtual Server

This document describes how to deploy and configure the SafeNet IDPrime Virtual (IDPV) Server with the required services.

Types of Release

There are two different release versions of IDPrime Virtual Server available:

1. Evaluation version – allows test and evaluation installations without additional licenses. However, this version is limited to 50 tokens.

2. Full version – requires a dedicated license and user can can create unlimited tokens.

Versions Supported

Server Operating Systems

• Red Hat Enterprise Linux Server 9
• Ubuntu 22.04
• CentOS-7

IDPV Server supports other Linux server distributions. The Debian operating system is compatible with Docker but is yet to test.

Minimum System Requirements

• Linux Kernel 3.10 (or above) (included with the operating systems listed above)
• 16 GB RAM (for server performance that matches your requirements, contact Thales team)
• 256 GB HDD
• 64 GB of space (minimum) for the /var directory before Docker is installed

Database Servers

• MySQL 8.0.29 (or above)
• MariaDB 10.10.2 (or above)
• MSSQL 16.0.1000.6 (or above)
• PSQL 14.2 (or above)
• Oracle Database Enterprise and Express Edition 21.3.0.0.0 (or above)

Tools and Software

• Docker 17.03.1 (or above)
• Kubernetes v1.13.0 (or above)

• LUNA Network HSM 6.3.1

  Support for Luna 6 was discontinued after the IDPV Server 2.4.1 GA release.

• LUNA Network HSM 7.3

• LUNA Network HSM 7.7
• LUNA Client, Alpine: Universal-Luna_Minimal_Client_V10.3.0_277

• KeySecure 450v

  • Software Version 8.4.2
  • P11 connector version 8.8.0
  • ProtectApp connector version 8.12

  Support for KeySecure 450v was discontinued after the IDPV Server 2.5.0 GA release.

• Support for Evaluation version only

  • SoftHSM
  • DPoD
  • Keysecure
  • LUNA Client, Debain: Universal-Linux_Luna_Minimal_Client_V10.4.0_RevA

Deployment Model

The deployment model consists of:

• IDPrime Virtual Server (Server 1 - hosted using a Docker container or Kubernetes cluster)

• HSM Server (Server 2 - configured with at least one partition)

• Database Server (Server 3)

The Docker container of Server 1 connects Server 2 and Server 3 containers using configuration details such as IP Address, Port, Username, and Password for the Database server; Token Name and PIN for the HSM server.

Ensure that the IDPV Server host has access to the HSM and Database servers.

This document uses /var/thales/config/ and /var/thales/hsm/ directories for placing configuration files. However, based on requirements, you can use different directory names. If you choose different names, use them with discretion in relation to the names mentioned in this document.

Refer to the following sections to setup the IDPV server:

• Prerequisites for IDPV Server

• Configuring the IDP and Token Policy Parameters

• Installing SafeNet IDPrime Virtual Server

• Running IDPV Server

• Creating a Tenant

• Server Logs

• Upgrading IDPV Server

The term server may be used as an abbreviation for SafeNet IDPrime Virtual Server in this documentation.