Luna HSM integration

Prerequisites

Before you proceed with the integration, complete the following tasks:

Configure Luna HSM

If you are using a Luna HSM, ensure the following:

  1. Ensure the HSM is set up, initialized, provisioned and ready for deployment. Refer to the configuring Luna HSM section for more information.

  2. Create a partition on the Luna HSM for use with SafeNet Authentication Service (SAS).

  3. If you are using a Luna Network HSM, register a client for the system and assign the client to each partition to create an NTLS connection for the three partitions. Initialize the Crypto Officer and Crypto User roles for each registered partition.

  4. Ensure that each partition is successfully registered and configured. The command to see the registered partitions is:

    C:\Program Files\SafeNet\LunaClient>lunacm.exe
    lunacm (64-bit) v10.2.0-111. Copyright (c) 2020 SafeNet. All rights reserved.

    Available HSMs:
    Slot Id -> 0
    Label -> SAS_PCE_Par
    Serial Number -> 1238696045103
    Model -> LunaSA 7.4.0
    Firmware Version -> 7.4.0
    Configuration -> Luna User Partition With SO (PW) Key Export
    with Cloning Mode
    Slot Description -> Net Token Slot
    FM HW Status -> FM Ready
    Current Slot Id: 0

  5. For a PED-authenticated HSM, enable partition policies 22 and 23 to allow activation and auto-activation.

    Follow the configuring Luna HSM section for detailed steps on creating the NTLS connection and initializing the partitions and the various user roles.
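
A pre-flight check for step 4, as an added example that is not part of the original documentation: it parses captured `lunacm` slot output and reports which expected partition labels are not registered. The second slot and the labels `SAS_PCE_Par2` and `SAS_PCE_Par3` are constructed for illustration.

```python
import re

# Constructed sample: the slot listing shown above plus a second,
# hypothetical slot so the parser handles more than one block.
SAMPLE = """\
Available HSMs:
Slot Id -> 0
Label -> SAS_PCE_Par
Serial Number -> 1238696045103
Model -> LunaSA 7.4.0
Configuration -> Luna User Partition With SO (PW) Key Export
with Cloning Mode
Slot Description -> Net Token Slot
FM HW Status -> FM Ready
Slot Id -> 1
Label -> SAS_PCE_Par2
Slot Description -> Net Token Slot
Current Slot Id: 0
"""

# One "Key -> Value" field per line; the value may be empty.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*->\s*(.*)$")

def parse_slots(text):
    """Return one dict per slot from a lunacm 'Key -> Value' listing."""
    slots, last_key = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "Slot Id":          # each slot block starts here
                slots.append({})
            if slots:
                slots[-1][key] = value
                last_key = key
        elif slots and last_key and line.strip() and ":" not in line:
            # Wrapped continuation of the previous value
            slots[-1][last_key] += " " + line.strip()
    return slots

def missing_partitions(text, expected_labels):
    """Expected partition labels that do not appear in any listed slot."""
    found = {slot.get("Label") for slot in parse_slots(text)}
    return sorted(set(expected_labels) - found)
```

A non-empty result from `missing_partitions` means at least one partition is not visible to the client and the registration in step 3 should be rechecked before continuing.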

Configure Luna HSM HA (High-Availability)

Refer to the Luna HSM documentation for HA steps and for details on configuring and setting up two or more HSM appliances on Windows and UNIX systems. You must enable the HAOnly setting in HA for failover to work, so that if the primary stops functioning for some reason, all calls are automatically routed to the secondary until the primary starts functioning again.

This integration is tested in both HA and FIPS mode.

Set up SafeNet Authentication Service (SAS)

Refer to the SafeNet Authentication Service (SAS) documentation for instructions on installing and configuring the product. You can download SafeNet Authentication Service (SAS) from the Thales support site using the link below:

https://supportportal.thalesgroup.com/csm

https://<hostname or IP address>/console

Admin Console Login Screen