Prerequisites
Before you proceed with the integration, complete the following tasks:
Configure Luna HSM
If you are using a Luna HSM, ensure the following:
- Ensure the HSM is set up, initialized, provisioned and ready for deployment. Refer to the configuring Luna HSM section for more information.
- Create a partition on the Luna HSM for use with SafeNet Authentication Service (SAS).
- If you are using a Luna Network HSM, register a client for the system and assign the client to each partition to create an NTLS connection for the three partitions. Initialize the Crypto Officer and Crypto User roles for each registered partition.
- Ensure that each partition is successfully registered and configured. The command to see the registered partitions is:
C:\Program Files\SafeNet\LunaClient>lunacm.exe
lunacm (64-bit) v10.2.0-111. Copyright (c) 2020 SafeNet. All rights reserved.
Available HSMs:
Slot Id -> 0
Label -> SAS_PCE_Par
Serial Number -> 1238696045103
Model -> LunaSA 7.4.0
Firmware Version -> 7.4.0
Configuration -> Luna User Partition With SO (PW) Key Export
with Cloning Mode
Slot Description -> Net Token Slot
FM HW Status -> FM Ready
Current Slot Id: 0
- For PED-authenticated HSM, enable partition policies 22 and 23 to allow activation and auto-activation.
Refer to the configuring Luna HSM section for detailed steps on creating the NTLS connection and initializing the partitions and the various user roles.
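The registration check above can be scripted. The following is an added example, not part of the original guide or of any Thales tooling: it parses a saved `lunacm` slot listing and reports expected partition labels that are absent. The second slot in the sample and the label `SAS_PCE_Par2` are constructed for illustration.

```python
import re

# Constructed sample: slot 0 is the listing shown above; slot 1 is a made-up
# uninitialized partition (empty label, placeholder serial).
SAMPLE = """\
lunacm (64-bit) v10.2.0-111. Copyright (c) 2020 SafeNet. All rights reserved.
Available HSMs:
Slot Id -> 0
Label -> SAS_PCE_Par
Serial Number -> 1238696045103
Model -> LunaSA 7.4.0
Configuration -> Luna User Partition With SO (PW) Key Export
with Cloning Mode
Slot Description -> Net Token Slot
Slot Id -> 1
Label ->
Serial Number -> 0000000000000
Slot Description -> Net Token Slot
Current Slot Id: 0
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*->\s*(.*)$")

def parse_slots(text):
    """Return one dict per 'Slot Id' block, folding wrapped value lines."""
    slots, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "Slot Id":          # a new slot block starts here
                current = {}
                slots.append(current)
            if current is not None:
                current[key] = value
                last_key = key
        elif not line or line.startswith(("Available HSMs", "Current Slot Id")):
            last_key = None               # not part of any field value
        elif current is not None and last_key:
            # continuation of a wrapped value, e.g. "with Cloning Mode"
            current[last_key] = f"{current[last_key]} {line}".strip()
    return slots

def missing_partitions(text, expected_labels):
    """Expected partition labels that no listed slot carries."""
    found = {s["Label"] for s in parse_slots(text) if s.get("Label")}
    return sorted(set(expected_labels) - found)
```

An empty result from `missing_partitions` means every expected label appears in the listing; a slot with an empty label is treated as not yet initialized.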
Configure Luna HSM HA (High-Availability)
Refer to the setting up HSM in HA mode section for the steps and details of configuring and setting up two or more HSM appliances in HA on Windows and UNIX systems. You must enable the HAOnly setting in HA for failover to work, so that if the primary stops functioning for some reason, all calls are automatically routed to the secondary until the primary starts functioning again.
This integration is tested in both HA and FIPS mode.
Set up SafeNet Authentication Service (SAS)
For detailed instructions on installing and configuring the SafeNet Authentication Service (SAS), refer to the installing SAS section and configuring SAS section, respectively. To download the SAS software, visit the Thales support site by following the provided link:
https://supportportal.thalesgroup.com/csm
Once the installation is complete, verify the successful operation of the SAS service by accessing the following URL:
https://<hostname or IP address>/console