Gemalto SafeNet Luna Network HSM 7.0 User manual

SafeNet Luna Network HSM 7.0
Installation Guide

Document Information
Product Version 7.0
Document Part Number 007-013576-002
Release Date 02 June 2017
Revision History
Revision Date Reason
Rev. A 02 June 2017 Initial release.
Trademarks, Copyrights, and Third-Party Software
Copyright 2001-2017 Gemalto. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of
Gemalto and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether
registered or not in specific countries, are the property of their respective owners.
Software License and copyright
editline This product incorporates editline licensed under Apache v2.0 Open Software.
Copyright 1992,1993 Simmule Turner and Rich Salz. All rights reserved.
You can obtain the full text of the Apache v2.0 Open Software license at the following
URL:
https://www.apache.org/licenses/LICENSE-2.0
libFDT Dual License Choice of BSD or GPL-2.0
Copyright (C) 2006 David Gibson, IBM Corporation.
libsodium ISC License (ISCL)
Copyright (C) 2013-2016
Linux Kernel GPL-2.0
OpenSSH This product uses a derived version of OpenSSH
Copyright 1995 Tatu Ylonen, Espoo, Finland. All rights reserved.
Copyright 1995, 1996 by David Mazieres.
Copyright 1983, 1990, 1992, 1993, 1995 The Regents of the University of California.
All rights reserved
You can obtain the full text of the OpenSSH license at the following URL:
https://www.openbsd.org/policy.html
OpenSSL SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
OpenSSL license
Copyright (C) 1998-2002 The OpenSSL Project
Software implementation of SHA2 Proprietary license
Copyright (C) 2002, Dr Brian Gladman, Worcester, UK.
Software implementation of AES Proprietary license
Copyright (C) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
Table 1: Third-party software used in this product
SafeNet Luna Network HSM Installation Guide
Release 7.0 007-013576-002 Rev. A June 2017 Copyright 2001-2017 Gemalto All rights reserved.
Disclaimer
All information herein is either public information or is the property of and owned solely by Gemalto and/or its
subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual property
protection in connection with such information.
Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any
intellectual and/or industrial property rights of or concerning any of Gemalto’s information.
This document can be used for informational, non-commercial, internal, and personal use only provided that:
• The copyright notice, the confidentiality and proprietary legend and this full warning notice appear in all copies.
• This document shall not be posted on any publicly accessible network computer or broadcast in any media, and no
modification of any part of this document shall be made.
Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities.
The information contained in this document is provided “AS IS” without any warranty of any kind. Unless otherwise
expressly agreed in writing, Gemalto makes no warranty as to the value or accuracy of information contained herein.
The document could include technical inaccuracies or typographical errors. Changes are periodically added to the
information herein. Furthermore, Gemalto reserves the right to make any change or improvement in the specifications
data, information, and the like described herein, at any time.
Gemalto hereby disclaims all warranties and conditions with regard to the information contained herein, including all
implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall
Gemalto be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any
damages whatsoever including but not limited to damages resulting from loss of use, data, profits, revenues, or
customers, arising out of or in connection with the use or performance of information contained in this document.
Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and
disclaims, any liability in this respect. Even if each product is compliant with current security standards in force on the
date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security
and notably under the emergence of new attacks. Under no circumstances, shall Gemalto be held liable for any third
party actions and in particular in case of any successful attack against systems or equipment incorporating Gemalto
products. Gemalto disclaims any liability with respect to security for direct, indirect, incidental or consequential
damages that result from any use of its products. It is further stressed that independent testing and verification by the
person using the product is particularly encouraged, especially in any application in which defective, incorrect or
insecure functioning could result in damage to persons or property, denial of service, or loss of privacy.
All intellectual property is protected by copyright. All trademarks and product names used or referred to are the
copyright of their respective owners. No part of this document may be reproduced, stored in a retrieval system or
transmitted in any form or by any means, electronic, mechanical, chemical, photocopy, recording or otherwise without
the prior written permission of Gemalto.

Regulatory Compliance
This product complies with the following regulations. To ensure compliance, install the
products as specified in the installation instructions and use only Gemalto-supplied or approved accessories.
USA, FCC
This equipment has been tested and found to comply with the limits for a “Class B” digital device, pursuant to part 15 of
the FCC rules.
Canada
This class B digital apparatus meets all requirements of the Canadian interference-causing equipment regulations.
Europe
This product is in conformity with the protection requirements of EC Council Directive 2014/30/EU. This product
satisfies the CLASS B limits of EN55032.

CONTENTS
PREFACE About the Installation Guide
Customer Release Notes
Audience
Document Conventions
Notes
Cautions
Warnings
Command Syntax and Typeface Conventions
Support Contacts
1 SafeNet Luna Network HSM Hardware Installation
SafeNet Luna Network HSM Required Items
Basic SafeNet Luna Network HSM order items
PED-Authenticated SafeNet Luna Network HSM order items
Optional Items
Rack-Mounting the SafeNet Luna Network HSM
Using the Supplied Mounting Brackets
Using the Optional Sliding Rail System
Installing the SafeNet Luna Network HSM Hardware
Installation Notes
Installing the SafeNet Luna Network HSM Hardware
2 SafeNet Luna Remote PED Installation and Configuration
Required Items
Remote PED Setup
3 SafeNet Luna HSM Client Software Installation
Linux SafeNet Luna HSM Client Software Installation
Prerequisites
Installing the Client Software
Controlling User Access to Your Attached HSMs and Partitions
Uninstalling the Client Software or Removing Components
Java Configuration
Scripted or Unattended Installation
Interrupting the Installation
Windows SafeNet Luna HSM Client Installation
Required Client Software
Prerequisites
Installing the Luna HSM Client Software
Java
CSP and KSP
Uninstalling or Modifying the SafeNet Luna Client Software
After Installation
Troubleshooting
Scripted/Unattended Windows Installation/Uninstallation
Installing the Luna HSM Client for the SafeNet Luna Network HSM
Installing the Luna HSM Client for the SafeNet Luna PCIe HSM
Installing the Luna HSM Client for the SafeNet Luna USB HSM
Installing the Luna HSM Client for the SafeNet Luna Backup HSM
Installing the Luna HSM Client for Remote PED
Uninstalling the Luna HSM Client

PREFACE
About the Installation Guide
This document describes how to install the SafeNet Luna HSM hardware and the SafeNet Luna Client software. Refer
to the following chapters to install the hardware and software components applicable to you:
SafeNet Luna HSM hardware installation
• "SafeNet Luna Network HSM Hardware Installation" on page 10
SafeNet Remote PED installation and configuration
• "SafeNet Luna Remote PED Installation and Configuration" on page 26
SafeNet Luna Client software installation
• "SafeNet Luna HSM Client Software Installation" on page 32
Document information
This preface also includes the following information about this document:
• "Customer Release Notes" below
• "Audience" below
• "Document Conventions" on the next page
• "Support Contacts" on page 9
For information regarding the document status and revision history, see "Document Information" on page 2.
Customer Release Notes
The customer release notes (CRN) provide important information about this release that is not included in the customer
documentation. Read the CRN to fully understand the capabilities, limitations, and known issues for this release. You
can view or download the latest version of the CRN from the Technical Support Customer Portal at
https://supportportal.gemalto.com.
Audience
This document is intended for personnel responsible for maintaining your organization's security infrastructure. This
includes SafeNet Luna HSM users and security officers, key manager administrators, and network administrators.
All products manufactured and distributed by Gemalto are designed to be installed, operated, and maintained by
personnel who have the knowledge, training, and qualifications required to safely perform the tasks assigned to them.
The information, processes, and procedures contained in this document are intended for use by trained and qualified
personnel only.
It is assumed that the users of this document are proficient with security concepts.
Document Conventions
This document uses standard conventions for describing the user interface and for alerting you to important information.
Notes
Notes are used to alert you to important or helpful information. They use the following format:
Note: Take note. Contains important or helpful information.
Cautions
Cautions are used to alert you to important information that may help prevent unexpected results or data loss. They use
the following format:
CAUTION: Exercise caution. Contains important information that may help prevent
unexpected results or data loss.
Warnings
Warnings are used to alert you to the potential for catastrophic data loss or personal injury. They use the following
format:
WARNING! Be extremely careful and obey all safety and security measures. In this
situation you might do something that could result in catastrophic data loss or
personal injury.
Command Syntax and Typeface Conventions
Format Convention
bold The bold attribute is used to indicate the following:
• Command-line commands and options (Type dir /p.)
• Button names (Click Save As.)
• Check box and radio button names (Select the Print Duplex check box.)
• Dialog box titles (On the Protect Document dialog box, click Yes.)
• Field names (User Name: Enter the name of the user.)
• Menu names (On the File menu, click Save.) (Click Menu > Go To > Folders.)
• User input (In the Date box, type April 1.)
italics In type, the italic attribute is used for emphasis or to indicate a related document. (See the
Installation Guide for more information.)
<variable> In command descriptions, angle brackets represent variables. You must substitute a value for
command line arguments that are enclosed in angle brackets.
[optional]
[<optional>]
Represent optional keywords or <variables> in a command line description. Optionally enter the
keyword or <variable> that is enclosed in square brackets, if it is necessary or desirable to
complete the task.
{a|b|c}
{<a>|<b>|<c>}
Represent required alternate keywords or <variables> in a command line description. You must
choose one command line argument enclosed within the braces. Choices are separated by vertical
(OR) bars.
[a|b|c]
[<a>|<b>|<c>]
Represent optional alternate keywords or variables in a command line description. Choose one
command line argument enclosed within the braces, if desired. Choices are separated by vertical
(OR) bars.
Support Contacts
Contact method Contact
Phone (Subject to change. An up-to-date list is maintained on the Technical Support Customer Portal)
Global +1 410-931-7520
Australia 1800.020.183
India 000.800.100.4290
Netherlands 0800.022.2996
New Zealand 0800.440.359
Portugal 800.863.499
Singapore 800.1302.029
Spain 900.938.717
Sweden 020.791.028
Switzerland 0800.564.849
United Kingdom 0800.056.3158
United States (800) 545-6608
Web https://safenet.gemalto.com
Technical Support Customer Portal https://supportportal.gemalto.com
Existing customers with a Technical Support Customer Portal account can log in
to manage incidents, get the latest software upgrades, and access the Knowledge
Base. To create a new account, click the Register link at the top of the page. You
will need your Customer Identifier number.

1 SafeNet Luna Network HSM Hardware Installation
This chapter describes how to install and connect a SafeNet Luna Network HSM. To ensure a successful installation,
perform the following tasks in the order indicated:
1. Ensure that you have all of the required components, as listed in "SafeNet Luna Network HSM Required Items" on
the next page.
2. If you plan to mount the hardware in an equipment rack, follow the instructions in "Rack-Mounting the SafeNet Luna
Network HSM" on page 16.
3. Install and connect the hardware, as described in "Installing the SafeNet Luna Network HSM Hardware" on page
23.
SafeNet Luna Network HSM Required Items
This section provides a list of the components you should have received with your SafeNet Luna Network HSM order.
The specific items you received depend on whether you ordered a password-authenticated or a PED-authenticated
SafeNet Luna Network HSM, and whether your order included a backup device or other options as described below.
Basic SafeNet Luna Network HSM order items
The standard items that you should have received as your basic order for a SafeNet Luna Network HSM are:
Qty Item
1 SafeNet Luna Network HSM Appliance
Your order should include one password-authenticated or PED-authenticated SafeNet Luna Network HSM.
The different HSM models appear physically identical.
2 Power Supply Cord
One for each power supply, with connectors appropriate to your region of operation.
1 Adapter Cable: RJ45 to USB with a standard eight-pin, eight connector (8P8C) modular connector
Used to open a terminal connection to the HSM during initial configuration.
1 Front Ear Bracket Set
Set includes:
• 2x front ear brackets
• 4x bracket screws
1 Mounting Bracket Set
See "Using the Supplied Mounting Brackets" on page 16 for installation instructions. Set includes:
• 2x side rails
• 8x side rail screws
• 2x sliding rear brackets (fit into the rails for rear support adjustable positioning)
• 8x 10/32 cage nuts
• 8x rack screws
1 Secure Locking Bezel
For maximum physical security, this faceplate bezel can restrict access to the SafeNet Luna Network
HSM's front-facing inputs. Certain security standards require the use of these physical access measures.
Includes set of three (3) keys for each lock (locks are keyed differently). The keys cannot be removed from
the bezel while they are in the horizontal (unlocked) position.
PED-Authenticated SafeNet Luna Network HSM order items
If you ordered a PED-authenticated SafeNet Luna Network HSM, you should have received some combination of the
following items in addition to the items in the basic order.
Note that you can use PED keys that you already own and use with other HSMs -- PED keys can be used with multiple
HSMs if that is appropriate in your context. You should purchase the number of PEDs you need for your own
convenient operation, and for backup/standby units as your security policies might require.
Qty Item
1+ Standard or Remote-Capable Luna PED
Your order should include at least one PED device.
If you intend to back up your SafeNet Luna Network HSM to a SafeNet Luna Backup HSM, then you require
a Luna PED to connect to that Backup HSM.
If you intend to combine remote operation and backup, you might prefer to have a second PED. It is possible
to use a single Luna PED for both connections, and to simply change between local and remote mode as
needed.
Note that you can use PED keys that you already own and use with other HSMs if appropriate. You should
purchase the number you need for your own convenient operation, and for backup/standby units as your
security policies might require.
1 Luna PED cable
The PED device connects to your HSM using a Type A to Mini B USB cable.
1 Luna PED Power Supply Kit
If you ordered a Luna PED, your order should include a Luna PED power supply kit with the appropriate
connection for your region. The power supply is auto-sensing and includes replaceable mains plug modules
for international use.
1 Set of PED Keys and Labels
Your order should include a set of iKey PED keys and peel-and-stick labels.
Optional Items
You may have also ordered one or more of these optional items:
Qty Item
1 Sliding Rail Rack Mounting Set
The SafeNet Luna Network HSM will fit into any standard 19-inch server rack. The optional sliding rail
mounts allow for easy removal and access to the rear face of the HSM. See "Using the Optional Sliding Rail
System" on page 19 for installation instructions. The set includes:
• 2x sliding rail mounts with removable side rails
• 2x transformer brackets
• 4x round-headed mounting screws
• 4x flat-headed mounting screws
• 6x rail screws
1 SafeNet Luna Backup HSM
You can back up your selected SafeNet Luna Network HSM partition contents (root keys, certificates, other
items) to a SafeNet Luna Backup HSM. The SafeNet Luna Backup HSM is suitable for off-site storage and
for backing up multiple HSM partitions. It can back up contents of password-authenticated or of
PED-authenticated HSMs. It must be initialized as one type or the other before the backup operation starts.
The SafeNet Luna Backup HSM can be connected directly to an HSM, or it can be connected to a separate
computer to back up remotely-located HSMs in conjunction with a Remote PED.
The authentication method for a backup HSM must match the authentication method (password or PED) for
any HSM with which it is used.
Rack-Mounting the SafeNet Luna Network HSM
The SafeNet Luna Network HSM appliance comes with front ear brackets, side rails, rear slider brackets, and the
necessary screws packed separately in the carton. You may also have ordered the optional sliding rail mounting
system. See "SafeNet Luna Network HSM Required Items" on page 11 for details. Instructions for installing both
systems are provided below:
• If you intend to use the supplied mounting brackets, see "Using the Supplied Mounting Brackets" below.
• If your order included the optional sliding rail mounting system, see "Using the Optional Sliding Rail System" on
page 19. The sliding rails are recommended for ease of installation and maintenance.
CAUTION: Do not attempt to mount the appliance using only the front brackets – damage can
occur.
Using the Supplied Mounting Brackets
Install and adjust the rails and brackets to suit your equipment rack. The standard mounting bracket set is designed for
use in racks with a maximum depth of 27 inches (686 mm). For racks larger than 27 inches, a mounting tray or shelf is
recommended.
Ensure you have all the necessary components before proceeding. In addition to the supplied components, you will
need:
• #2 Phillips screwdriver
• hydraulic equipment lift
CAUTION: If you are installing the appliance in a rack without a mounting tray or shelf, ensure
that the appliance is supported at all times or damage may occur. Use of a hydraulic equipment
lift is strongly recommended. If you do not have access to a lift, you will need at least one
assistant to mount the appliance.
To mount the SafeNet Luna Network HSM hardware:
1. Install the two front ear mounting brackets on the HSM chassis using the included screws and a #2 Phillips
screwdriver.
2. Install the eight included cage nuts into the rack space where you want to install the appliance. Ensure that they are
spaced correctly.
3. Install the two side rails on either side of the HSM chassis, using the included screws and a Phillips screwdriver.
Note how the sliding rear brackets fit into the side rails.
4. Install the two sliding rear brackets in your equipment rack using four of the rack mounting screws (included).
Note: While any standard equipment rack screws should fit the brackets, certain large-headed
screws may interfere with the operation of the secure locking bezel. To avoid this, use only the
screws included with the mounting bracket set.
5. Using a hydraulic lift, raise the HSM to the level of the brackets and extend the lift into the rack.
CAUTION: Perform the next step from the rear of the server rack. Do not push the HSM off the
lift without supporting its rear end.
6. From the rear of the server rack, pull the appliance back towards you until the sliding rear brackets fit into the side
rails. Pull the appliance back onto the rear brackets until the front ear brackets meet the equipment rack.
CAUTION: Support the weight of the appliance with the hydraulic lift until all four brackets are
secured.
7. Secure the front ear brackets using the last four included rack mounting screws.
See "SafeNet Luna Network HSM Hardware Installation" on page 10 to continue the installation process.
Using the Optional Sliding Rail System
The optional sliding rail system allows for the appliance to be extended out in front of the equipment rack, possibly
easing access to other racked appliances. This should rarely be necessary. After configuration, the SafeNet Luna
Network HSM should remain secured in the rack with the locking bezel installed. Some security standards require the
use of this bezel. Leaving the HSM uncovered for ease of access may compromise security.
The sliding rail mounts should fit into any standard 19" equipment rack.
Ensure you have all the necessary components before proceeding. In addition to the supplied components, you will
need a #2 Phillips screwdriver.
To mount the SafeNet Luna Network HSM hardware:
1. Install the two front ear mounting brackets on the HSM chassis using the included screws and a #2 Phillips
screwdriver.
2. Fit the front end of each mount into either side of the rack and pull the spring-loaded latch at the rear to snap it in
place.
3. Secure the rear end of each mount to the rack with one of the four wide flat-headed screws.
4. Fasten the transformer bracket to each sliding mount with the remaining two wide flat-headed screws.
5. Loosely thread two of the six smaller flat-headed screws into each side of the SafeNet Luna Network HSM. Fit