SafeNet IDPrime Virtual Server

This document describes how to deploy and configure the SafeNet IDPrime Virtual (IDPV) Server with the required services.

Types of Release

There are two different release versions of IDPrime Virtual Server available:

• Evaluation version

  • Enables test and evaluation installations without requiring additional licenses, with a limitation of 500 tokens.

  • Includes SoftHSM.

  • Also supports Luna and DPod HSM.

    • LUNA Minimal Client, Ubuntu: Universal_Linux_Luna_Minimal_Client_V10.7.1_RevA.
    • For Luna, install a compatible version of the Luna client (Luna Client v10.7 or later) for this image.
    • For DPoD, install a compatible version of the Luna client (Luna Client v10.5 or later) for this image.

• Full version – requires a dedicated license and supports unlimited tokens.

  • IDPrimeVirtual_Server_Alpine - supports Luna HSM only.

    • LUNA Minimal Client, Alpine: Universal-Luna_Minimal_Client_V10.3.0_277.
    • Install a compatible version of the Luna client (Luna Client v10.4 or v10.5) for this image.

  • IDPrimeVirtual_Server_Ubuntu - supports Luna and DPoD HSM.

    • LUNA Minimal Client, Ubuntu: Universal_Linux_Luna_Minimal_Client_V10.7.1_RevA.
    • For Luna, install a compatible version of the Luna client (Luna Client v10.7 or later) for this image.
    • For DPoD, install a compatible version of the Luna client (Luna Client v10.5 or later) for this image.

Versions Supported

Server Operating Systems

• Red Hat Enterprise Linux Server 9
• Ubuntu 22.04
• CentOS-7

Minimum System Requirements

• Linux Kernel 3.10 (or above) (included with the operating systems listed above)
• 16 GB RAM (for server performance that matches your requirements, contact Thales team)
• 256 GB HDD
• 64 GB of space (minimum) for the /var directory before Docker is installed

Database Servers

• MySQL 8.0.29 (or above)
• MariaDB 10.10.2 (or above)
• MSSQL 16.0.1000.6 (or above)
• PSQL 14.2 (or above)
• Oracle Database Enterprise and Express Edition 21.3.0.0.0 (or above)

Tools and Software

• Docker 17.03.1 (or above)
• Kubernetes v1.13.0 (or above)

• LUNA Network HSM 6.3.1

  Support for Luna 6 was discontinued after the IDPV Server 2.4.1 GA release.

• LUNA Network HSM 7.3

• LUNA Network HSM 7.7

  LunaSA versions earlier than 7.4.0 support the import of RSA 3072 keys, whereas LunaSA version 7.4.0 and later support the import of RSA 4096 keys. Attempting to import a 4096 RSA key into a Luna HSM version earlier than 7.4 will result in an error.

Deployment Model

The deployment model consists of:

• IDPrime Virtual Server (Server 1 - hosted using a Docker container or Kubernetes cluster)

• HSM Server (Server 2 - configured with at least one partition)

• Database Server (Server 3)

The Docker container of Server 1 connects Server 2 and Server 3 containers using configuration details such as IP Address, Port, Username, and Password for the Database server; Token Name and PIN for the HSM server.

Ensure that the IDPV Server host has access to the HSM and Database servers.

This document uses /var/thales/config/ and /var/thales/hsm/ directories for placing configuration files. However, based on requirements, you can use different directory names. If you choose different names, use them with discretion in relation to the names mentioned in this document.

Refer to the following sections to setup the IDPV server:

• Prerequisites for IDPV Server

• Configuring the IDP and Token Policy Parameters

• Installing SafeNet IDPrime Virtual Server

• Running IDPV Server

• Creating a Tenant

• Server Logs

• Upgrading IDPV Server

The term server may be used as an abbreviation for SafeNet IDPrime Virtual Server in this documentation.