Thales SafeNet Luna Network HSM 7.3 Instruction Manual
SafeNet Luna Network HSM7.3
APPLIANCE ADMINISTRATION GUIDE
Document Information
Product Version 7.3
Document Part Number 007-013576-005
Release Date 13 December 2019
Revision History
Revision Date Reason
Rev. A 13 December 2019 Initial release.
Trademarks, Copyrights, and Third-Party Software
Copyright 2001-2019 Thales. All rights reserved. Thalesand the Thales logo are trademarks and service
marks of Thalesand/or its subsidiaries and are registered in certain countries. All other trademarks and service
marks, whether registered or not in specific countries, are the property of their respective owners.
Disclaimer
All information herein is either public information or is the property of and owned solely by Thales and/or its
subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual
property protection in connection with such information.
Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise,
under any intellectual and/or industrial property rights of or concerning any of Thales’s information.
This document can be used for informational, non-commercial, internal, and personal use only provided that:
>The copyright notice, the confidentiality and proprietary legend and this full warning notice appear in all
copies.
>This document shall not be posted on any publicly accessible network computer or broadcast in any media,
and no modification of any part of this document shall be made.
Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities.
The information contained in this document is provided “AS IS” without any warranty of any kind. Unless
otherwise expressly agreed in writing, Thalesmakes no warranty as to the value or accuracy of information
contained herein.
The document could include technical inaccuracies or typographical errors. Changes are periodically added to
the information herein. Furthermore, Thalesreserves the right to make any change or improvement in the
specifications data, information, and the like described herein, at any time.
Thales hereby disclaims all warranties and conditions with regard to the information contained herein,
including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In
no event shall Thales be liable, whether in contract, tort or otherwise, for any indirect, special or consequential
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 2
damages or any damages whatsoever including but not limited to damages resulting from loss of use, data,
profits, revenues, or customers, arising out of or in connection with the use or performance of information
contained in this document.
Thales does not and shall not warrant that this product will be resistant to all possible attacks and shall not
incur, and disclaims, any liability in this respect. Even if each product is compliant with current security
standards in force on the date of their design, security mechanisms' resistance necessarily evolves according
to the state of the art in security and notably under the emergence of new attacks. Under no circumstances,
shall Thalesbe held liable for any third party actions and in particular in case of any successful attack against
systems or equipment incorporating Thales products. Thalesdisclaims any liability with respect to security for
direct, indirect, incidental or consequential damages that result from any use of its products. It is further
stressed that independent testing and verification by the person using the product is particularly encouraged,
especially in any application in which defective, incorrect or insecure functioning could result in damage to
persons or property, denial of service, or loss of privacy.
All intellectual property is protected by copyright. All trademarks and product names used or referred to are the
copyright of their respective owners. No part of this document may be reproduced, stored in a retrieval system
or transmitted in any form or by any means, electronic, mechanical, chemical, photocopy, recording or
otherwise without the prior written permission of Thales Group.
Regulatory Compliance
This product complies with the following regulatory regulations. To ensure compliancy, ensure that you install
the products as specified in the installation instructions and use only Thales-supplied or approved accessories.
USA, FCC
This equipment has been tested and found to comply with the limits for a “Class B” digital device, pursuant to
part 15 of the FCC rules.
Canada
This class B digital apparatus meets all requirements of the Canadian interference-causing equipment
regulations.
Europe
This product is in conformity with the protection requirements of EC Council Directive 2014/30/EU. This product
satisfies the CLASS B limits of EN55032.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 3
CONTENTS
Preface: About the Appliance Administration Guide 6
Customer Release Notes 7
Audience 7
Document Conventions 7
Support Contacts 8
Chapter 1: Appliance Hardware Functions 10
Physical Features 10
Front-panel LCD Display 12
Appliance State and Status Codes 13
System Behavior with Hardware Tamper Events 15
Tampering with the Appliance 15
Decommission 16
What Happens When You Tamper - Including Opening the Fan Bay 16
Summary of Your Responses to Tamper Events 19
Power-on, Power-off, or Reboot the Appliance 19
Power On 19
Power Off 20
Reboot 20
Hard Reboot 20
Automatic Restart Following a Power Interruption 21
Power Supply and Fan Maintenance 21
Replacing a Power Supply 21
The Fans 23
Summary 26
HSM Emergency Decommission Button 27
What the Emergency Decommission Button Does 27
Disabling Decommissioning 28
When to Use the Emergency Decommission Button 28
Serial Connections 28
Serial Pinout 30
Troubleshooting 30
Front Locking Bezel 30
Replacement Keys 31
Power Consumption 32
Chapter 2: Client Connections 33
Connections to the Appliance - Limits 33
SafeNet Luna Network HSM Port Usage 33
SafeNet Luna Network HSM Appliance Port Bonding 34
Using Port Bonding 34
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 4
Client Startup Delay Across Mixed Subnets 35
SSH Public-Key Authentication 35
Public Key Authentication to a SafeNet Appliance Using UNIX SSH Clients 35
Set up Public-Key SSH access for other SafeNet Luna Network HSM users 37
When to Restart NTLS 38
NTLS (SSL) Performance Issue 39
Timeouts 39
SSH Timeout 39
NTLS Timeout 39
Chapter 3: Timestamping – NTP and Clock Drift 41
Setting the Time Zone 41
Examples 41
Correcting Clock Drift Manually 42
NTP on SafeNet Luna Network HSM 43
Connecting to a Public NTP Server 43
Securing Your NTP Connection 44
References 45
Chapter 4: System Logging 46
About System Logging 46
Log Severity Levels 46
Hardware Monitoring and Logging 47
Configuring System Logging 47
Rotating System Logs 47
Customizing Severity Levels 48
Reading System Logs 49
Exporting System Logs 50
Deleting System Logs 51
Remote System Logging 51
Chapter 5: Backing Up the Appliance Configuration 54
Backing Up and Restoring Your Appliance Service Configuration 54
Example of Backing Up and Restoring Your Appliance Configuration 56
Backing Up the Appliance Configuration to the HSM 59
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 5
PREFACE: About the Appliance
Administration Guide
The maintenance and administrative tasks in this document are primarily for the SafeNet Luna Network HSM
appliance, outside of the HSM. HSM administrative tasks are described in the SafeNet Luna HSM
Administration Guide.Some activities might encompass both portions of the SafeNet Luna HSM server.
As an HSM Server, SafeNet Luna Network HSM provides increased operational flexibility over traditional
HSMs. The SafeNet Luna Network HSM appliance includes an integrated FIPS 140-2 level 3 HSM, the SafeNet
K6 Cryptographic Engine, which offers the same high level of security as traditional HSMs.
The HSM appliance that you have purchased has been factory configured to authenticate as either:
>Password Authentication version (equivalent to FIPS 140-2 level 2, using passwords, only, for
authentication and access control.
>PED (Trusted Path) Authentication version that requires the PED and PED Keys for authentication and
access control.
The HSM appliance adds a secure service layer (NTLS and STC) that allows the SafeNet Cryptographic
Engine (the HSM inside the appliance) to be shared as a service to network applications. Like traditional
servers that provide e-mail, web pages, and file download (FTP) services to authenticated clients, the HSM
appliance offers HSM services to clients on the network.
As an Ethernet-attached device, the HSM appliance can be shared among many applications on a network.
Rather than requiring many HSMs to fulfill the security demands of many applications, one HSM appliance can
be shared among many applications simultaneously.
This document contains the following chapters:
>"Appliance Hardware Functions"on page10
>"Client Connections"on page33
>"Timestamping – NTP and Clock Drift"on page41
>"System Logging"on page46
>"Backing Up the Appliance Configuration"on page54
This preface also includes the following information about this document:
>"Customer Release Notes"on the next page
>"Audience"on the next page
>"Document Conventions"on the next page
>"Support Contacts"on page8
For information regarding the document status and revision history, see "Document Information"on page2.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 6
Preface: About the Appliance Administration Guide
Customer Release Notes
The customer release notes (CRN) provide important information about this release that is not included in the
customer documentation. Read the CRN to fully understand the capabilities, limitations, and known issues for
this release. You can view or download the latest version of the CRN from the Technical Support Customer
Portal at https://supportportal.gemalto.com.
Audience
This document is intended for personnel responsible for maintaining your organization's security
infrastructure. This includes SafeNet Luna Network HSM users and security officers, key manager
administrators, and network administrators.
All products manufactured and distributed by Thales Group are designed to be installed, operated, and
maintained by personnel who have the knowledge, training, and qualifications required to safely perform the
tasks assigned to them. The information, processes, and procedures contained in this document are intended
for use by trained and qualified personnel only.
It is assumed that the users of this document are proficient with security concepts.
Document Conventions
This document uses standard conventions for describing the user interface and for alerting you to important
information.
Notes
Notes are used to alert you to important or helpful information. They use the following format:
NOTE Take note. Contains important or helpful information.
Cautions
Cautions are used to alert you to important information that may help prevent unexpected results or data loss.
They use the following format:
CAUTION! Exercise caution. Contains important information that may help prevent
unexpected results or data loss.
Warnings
Warnings are used to alert you to the potential for catastrophic data loss or personal injury. They use the
following format:
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 7
Preface: About the Appliance Administration Guide
**WARNING** Be extremely careful and obey all safety and security measures. In
this situation you might do something that could result in catastrophic data loss or
personal injury.
Command Syntax and Typeface Conventions
Format Convention
bold The bold attribute is used to indicate the following:
>Command-line commands and options (Type dir /p.)
>Button names (Click Save As.)
>Check box and radio button names (Select the Print Duplex check box.)
>Dialog box titles (On the Protect Document dialog box, click Yes.)
>Field names (User Name: Enter the name of the user.)
>Menu names (On the File menu, click Save.) (Click Menu >Go To >Folders.)
>User input (In the Date box, type April 1.)
italics In type, the italic attribute is used for emphasis or to indicate a related document. (See the
Installation Guide for more information.)
<variable> In command descriptions, angle brackets represent variables. You must substitute a value for
command line arguments that are enclosed in angle brackets.
[optional]
[<optional>]
Represent optional keywords or <variables> in a command line description. Optionally enter the
keyword or <variable> that is enclosed in square brackets, if it is necessary or desirable to
complete the task.
{a|b|c}
{<a>|<b>|<c>}
Represent required alternate keywords or <variables> in a command line description. You must
choose one command line argument enclosed within the braces. Choices are separated by vertical
(OR) bars.
[a|b|c]
[<a>|<b>|<c>]
Represent optional alternate keywords or variables in a command line description. Choose one
command line argument enclosed within the braces, if desired. Choices are separated by vertical
(OR) bars.
Support Contacts
If you encounter a problem while installing, registering, or operating this product, please refer to the
documentation before contacting support. If you cannot resolve the issue, contact your supplier or Thales
Customer Support.
Thales Customer Support operates 24 hours a day, 7 days a week. Your level of access to this service is
governed by the support plan arrangements made between Thales and your organization. Please consult this
support plan for further information about your entitlements, including the hours when telephone support is
available to you.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 8
Preface: About the Appliance Administration Guide
Customer Support Portal
The Customer Support Portal, at https://supportportal.thalesgroup.com, is where you can find solutions for
most common problems. The Customer Support Portal is a comprehensive, fully searchable database of
support resources, including software and firmware downloads, release notes listing known problems and
workarounds, a knowledge base, FAQs, product documentation, technical notes, and more. You can also use
the portal to create and manage support cases.
NOTE You require an account to access the Customer Support Portal. To create a new
account, go to the portal and click on the REGISTER link.
Telephone
The support portal also lists telephone numbers for voice contact (Contact Us).
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 9
CHAPTER 1: Appliance Hardware Functions
This chapter describes the administrative and maintenance tasks you can perform directly on the SafeNet
Luna Network HSM hardware. It contains the following sections:
>"Physical Features"below
>"Front-panel LCD Display"on page12
>"System Behavior with Hardware Tamper Events"on page15
>"Power-on, Power-off, or Reboot the Appliance"on page19
>"Power Supply and Fan Maintenance"on page21
>"HSM Emergency Decommission Button"on page27
>"Serial Connections"on page28
>"Front Locking Bezel"on page30
>"Power Consumption"on page32
Physical Features
The SafeNet Luna Network HSM is 1U high and fits into standard 19-inch equipment racks.
Front Panel
The front panel is illustrated below, with the secure locking bezel removed:
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 10
Chapter 1: Appliance Hardware Functions
Item Name Description
AFront ear brackets Connect to the front of the appliance chassis with the provided screws, allowing it
to be mounted in a standard 19-inch equipment rack. The extending tabs act as
posts for the locking bezel.
BMounts for locking
bezel
The secure locking bezel connects to the appliance faceplate here.
CFront-panel display Displays basic configuration and status information for the appliance. See also
"Front-panel LCD Display"on the next page
DUSB 3.0 ports The appliance has a total of four (4) USB 3.0 ports (two on the front panel and two
on the back), for connecting to such devices as card readers and backup HSMs.
EStart/stop switch Powers the appliance on or off. See also "Power-on, Power-off, or Reboot the
Appliance"on page19.
FFan status LEDs The appliance has three (3) cooling fans. If these lights are illuminated, the fans are
working correctly.
GVentilation fan filter
cover
Removable cover allows cleaning of air filter. See also "Power Supply and Fan
Maintenance"on page21.
HFan bay securing
screw
Torx screw secures the fan bay.
CAUTION! Opening to swap fan modules triggers a tamper event on
the appliance. See also "Power Supply and Fan Maintenance"on
page21.
Rear Panel
The rear panel is illustrated below:
Item Name Description
ASliding rail brackets Connect to the sliding rails mounted on the sides of the appliance chassis,
allowing it to be mounted in a standard 19-inch appliance rack.
BKensington lock
connector
Allows the appliance to be secured to a desk or equipment rack using a Kensington
lock.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 11
Chapter 1: Appliance Hardware Functions
Item Name Description
CHSM card USB port When authenticating with a PED, the PED must be connected directly to the HSM
card. The other USB ports on the appliance will not work for PED connection.
DLAN ports The appliance has a total of four (4) 1Gbit LANports that can be bonded in active-
backup mode. They are labeled on the illustration above as follows:
>Bond0: eth0 and eth1
>Bond1: eth2 and eth3
EUSB 3.0 ports The appliance has a total of four (4) USB 3.0 ports (two on the front panel and two
on the back), for connecting to such devices as card readers and backup HSMs.
FRJ45 serial port Connect a terminal to this port using the included RJ45 to USB cable (see
"SafeNet Luna Network HSM Required Items"on page1). See also "Installing the
SafeNet Luna Network HSM Hardware"on page1.
GDecommission button This button should only be pressed as part of decommissioning and zeroizing the
appliance. See also "Declassify or Decommission the HSM Appliance"on page1.
HPower supplies Connect the appliance to power. For proper redundancy and best reliability, the
power cables should connect to two completely independent power sources. See
also "Power Supply and Fan Maintenance"on page21.
Front-panel LCD Display
The LCD on front panel of the SafeNet Luna Network HSM provides basic configuration and status information
for the appliance. The LCD is split horizontally into three sections as follows:
Figure 1: The LCD display
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 12
Chapter 1: Appliance Hardware Functions
Top Displays the current IP address configuration of the Ethernet ports on the appliance.
If a port is configured, its IP address is displayed. If the port is not configured, the string "not configured" is
displayed. This section automatically cycles between ports eth0 and eth1, and ports eth2 and eth3.
The icons indicate the connection status of the port, as follows:
An Ethernet cable is connected to the port.
An Ethernet cable is not connected to the port.
Middle Automatically cycles between displaying the following information:
>Software (SW) and firmware (FW) versions currently installed on the appliance
>Appliance host name
>HSMlabel and HSMserial number
Bottom Displays the current appliance state and status codes, as detailed in "Appliance State and Status
Codes"below.
The icon shading indicates the appliance state, as follows:
The appliance state is normal, indicated by dark text on a light background.
The appliance state is not normal, indicated by light text on a dark background.
Appliance State and Status Codes
The bottom section of the LCD displays the current appliance state and related status codes. The state can be
one of the following.
ISO In Service Operational. The appliance is operating normally.
All services are running and the appliance is providing encryption/signing services as expected.
IST In Service Trouble. The appliance is operational, but is experiencing a fault condition.
The required services are operational and the appliance is able to provide encryption/signing services, but
some services, such as SSH, are not running.
OOS Out of Service. The appliance is not operational.
The appliance is online but one or more required services are not operational. The appliance is not providing
service.
OFL Offline. There is no network connectivity to the appliance.
In this service state the appliance is not currently connected to the network and cannot provide service.
Status Codes
Each state is associated with one or more status codes, which provide additional information about the status
of the appliance. For example, if there are no faults detected, the display indicates that the appliance is in
service (ISO), with status code 0, so the display reads "ISO 0."
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 13
Chapter 1: Appliance Hardware Functions
The codes are listed in the following table. You can also use the LunaSH status sysstat code all command to
display a list of the possible status codes.
If one or more faults have been detected, the display shows the most severe status code until that fault has
been corrected, then it displays the next most severe status code, until all errors have been corrected.
NOTE Not all faults are serious. Some might merely indicate that an available service is not
running because you chose not to run it.
The displayed messages update following a scan of selected system conditions, approximately every 15
seconds. If you have fixed a fault that caused an error, the display should clear the error indication at the next
update. If the display continues to show the error message, then the fault may have re-occurred and you
should investigate.
State Status Description
ISO 0 In Service Operational. No trouble.
60 In Service Operational. The eth0 interface is offline.
Use the LunaSH network show and service status network commands to display more
information about the status of the network interfaces.
61 In Service Operational. The eth1 interface is offline.
Use the LunaSH network show and service status network commands to display more
information about the status of the network interfaces.
62 In Service Operational. The eth2 interface is offline.
Use the LunaSH network show and service status network commands to display more
information about the status of the network interfaces.
63 In Service Operational. The eth3 interface is offline.
Use the LunaSH network show and service status network commands to display more
information about the status of the network interfaces.
80 In Service Operational. The STC service is not running.
Use the LunaSH service status stc command to display more information about the status of the
STC service.
95 In Service Operational. The webserver service is not running. The REST API is not available.
Use the LunaSH service status webserver command to display more information about the
status of the webserver service.
100 In Service Operational. The SNMP service is not running.
Use the LunaSH service status snmp command to display more information about the status of
the SNMP subsystem.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 14
Chapter 1: Appliance Hardware Functions
State Status Description
OOS 20 Out of Service. The NTLS service is not running.
Use the LunaSH service status ntls command to display more information about the status of the
NTLS service.
25 Out of Service. The NTLS service is not bound to an Ethernet device.
Use the LunaSH service status ntls command to display more information about the status of the
NTLS service, and the syslog tail command to view the system logs to help troubleshoot the
issue.
30 Out of Service. The HSM service has experienced one or more errors or critical events.
Use the LunaSH hsm information show and syslog tail commands help troubleshoot the issue.
OFL 50 Off Line. None of the Ethernet interfaces are connected to the network.
Use the LunaSH network show command to display more information about the status of the
network, and the syslog tail command to view the system logs to help troubleshoot the issue.
IST 70 In Service Trouble. The syslog service is not running.
Use the LunaSH service status syslog command to display more information about the status of
the syslog service, and the syslog tail command to view the system logs to help troubleshoot the
issue.
90 In Service Trouble. The SSH service is not running.
Use the LunaSH service status ssh command to display more information about the status of the
syslog service, and the syslog tail command to view the system logs to help troubleshoot the
issue.
110 In Service Trouble. Hard disk utilization is too high.
Use the LunaSH syslog tarlogs command to create a tar archive of the logs and then use scp to
transfer the log archive from the appliance to a remote computer for archiving.
NOTE The LCD initially shows the Gemalto logo when it (re)starts, and then displays the
status information for the appliance. If you find that the LCD is failing to update, you may need
to restart it using the service commands for the sysstat service (service start sysstat,
service stop sysstator service restart sysstat). You can also disconnect and reconnect
the power from the appliance to restart the LCD.
System Behavior with Hardware Tamper Events
The SafeNet appliance uses the Master Tamper Key (a key on the HSM that encrypts everything on the HSM)
to deal with both hardware (physical) tamper events and Secure Transport Mode.
Tampering with the Appliance
Hardware tamper events are detectable events that imply intrusion into the appliance interior.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 15
Chapter 1: Appliance Hardware Functions
One such event is removal of the lid (top cover). The lid is secured by anti-tamper screws, so any event that lifts
that lid is likely to be a serious intrusion.
Another event that is considered tampering is opening of the bay containing the ventilation fans.
You can use the thumbscrew to access the mesh air filter in front of the fans, without disturbing the system.
However, if you open the fan-retaining panel behind that, which requires a Torx #8 screwdriver, then the
system registers a tamper.
Therefore, cleaning of the filter is encouraged, especially if you work in a dusty environment, but fan module
removal and replacement are discouraged unless you have good reason to suspect that a fan module is faulty.
See "Power Supply and Fan Maintenance"on page21 for more information.
Decommission
The red "Decommission" button recessed behind the back panel is not a tamper switch. Its purpose is different.
See "HSM Emergency Decommission Button"on page27 for a description.
What Happens When You Tamper - Including Opening the Fan Bay
The following sequence illustrates how a tamper event affects the HSM and your use of it. You do not need to
perform all these steps. Many are included for illustrative purposes and to emphasize the state of the appliance
and of the enclosed HSM at each stage.
Action Result/State
First, we place the HSM in its basic operational condition (we reset only to have a clean starting point for this
illustration).
hsm
factoryReset
Starting point
hsm initialize Basic setup of HSM
Next, we illustrate a software "tamper" (destroying the MTK by setting the HSM into Transport Mode)
stm transport Enable Secure Transport Mode.
hsm show Basic HSM info remains undisturbed.
partition list None have been created since initialization, above.
partition create Attempt to create a partition - doesn't work; must be logged in as SO.
hsm login No, can't do that either: LUNA_RET_MTK_ZEROIZED
stm recover Log in to the HSM and HSM SO and recover from Secure TransportMode.
Also, the PED presents the Transport Mode verification string.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 16
Chapter 1: Appliance Hardware Functions
Action Result/State
hsm login This time, it works.
partition create Partition is created.
partition list Confirm that the created partition is there - you have confirmed that you have successfully set
Secure Transport Mode, then recovered from it. The HSM is unusable while in STM, but is fully
restored to its previous state when you recover from STM.
Now, we illustrate a hardware tamper (by physically interfering with the appliance as an intruder might do)
open the fan bay
(with a Torx #8
screwdriver)
The HSM stops responding as the vkd (HSMdriver) times out [the command-line prompt is still
available until you issue a command that attempts to access the HSM, at which point the driver
goes into time-out] - the entire system stops responding for approximately ten minutes (you can
wait it out, or you can reboot) - the system has detected a tamper event
(system
resumes)
run sysconf
appliance
reboot or press
the restart
[Stop/Start]
switch on the
back panel
(If you wait until the system becomes responsive on its own, issue sysconf appliance reboot; if
you simply restart with the switch, that's the same thing, but faster.)
when the
system is back
up, run
hsm show
Check for HSMTampered:Yes or No
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 17
Chapter 1: Appliance Hardware Functions
Action Result/State
view the logs The audit log shows events like:
lunash:>audit log tail -f hsm_150073_00000001.log
133098,13/01/28 14:39:37,S/N 150073 HSM with S/N 150073 logged the
following internal event: LOG: resync(0x0000002e)
133099,13/01/28 14:47:15,S/N 150073 HSM with S/N 150073 logged the
following internal event: TVK was corrupted.(0x00000027)
133100,13/01/28 14:47:15,S/N 150073 HSM with S/N 150073 logged the
following internal event: Existing Auto-Activation data won't work(0x00000029)
133101,13/01/28 14:47:15,S/N 150073 HSM with S/N 150073 logged the
following internal event: Generating new TVK...passed(0x0000002a)
133102,13/01/28 14:47:15,S/N 150073 HSM with S/N 150073 logged the
following internal event: RESTART(0x0000002f)
133103,13/01/28 14:47:35,S/N 150073 HSM with S/N 150073 logged the
following internal event: LOG: resync(0x0000002e)
Command Result : 0 (Success)
hsm tamper
show
WARNING - Tamper(s) Detected
hsm login not permitted:
LUNA_RET_MTK_ZEROIZED
hsm tamper
clear
Clear the HSM tamper. The HSMSO must be logged in to issue this command.
hsm login This time, it works.
partition list Confirm that the pre-existing partition is present.
partition
showContents
Confirm that any pre-existing partition contents are there.
Next, we illustrate what happens when a physical tamper occurs while the HSM is already in Secure Transport Mode
stm transport Enter SecureTransport Mode.
hsm tamper
show
lunash:>hsm tamper show
No active tampers.
Command Result : 0 (Success)
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 18
Chapter 1: Appliance Hardware Functions
Action Result/State
Open the
appliance lid, or
open the fan bay
(opening the lid
would damage
the chassis and
void your
warranty, this is
for example
purposes only)
The HSM stops responding when you enter an HSM command,
or it gives an error message (any of several, depending on what it was doing
at the time) and then stops responding.
Summary of Your Responses to Tamper Events
If you have a password-authenticated HSM, or if you have a PED-authenticated HSM, then both splits of the
MTK reside always on the HSM.
The MTK is destroyed by a tamper event, and the HSM becomes unresponsive. When you react to this by
rebooting the appliance, the HSM has both splits available and can immediately reconstitute the MTK and go
on operating normally, without further intervention from you.
Power-on, Power-off, or Reboot the Appliance
This section describes how to power-on, power-off, or reboot the appliance. It contains the following sections:
>"Power On"below
>"Power Off"on the next page
>"Reboot"on the next page
>"Hard Reboot"on the next page
>"Automatic Restart Following a Power Interruption"on page21
Power On
On the back panel, ensure that the power supplies are connected and working - the green LED on each power
supply glows steadily when in operation.
If the appliance does not immediately begin to start up, press and release the START/STOP switch on the
front panel.
The HSM appliance begins to power up.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 19
Chapter 1: Appliance Hardware Functions
If power was removed while the system was on (either a power failure, or the power cable was disconnected),
the system restarts without a button press. This behavior allows unattended resumption of activity after power
interruption.
The front-panel LCD begins showing activity, then settles into the ongoing system status display once the
appliance has completed its boot-up and self-test activity. See "Front-panel LCD Display"on page12 in the
Appliance Administration Guide.
Power Off
To power-off the HSM appliance locally, press and release the START/STOP switch. Do not hold it in. The HSM
appliance then performs an orderly shutdown (that is, it closes the file system and shuts down services in
proper order for the next startup). This takes approximately 30 seconds to complete. In the unlikely event that
the system freezes and does not respond to a momentary “STOP” switch-press, then press and hold the
START/STOP switch for five seconds. This is an override that forces immediate shutoff.
CAUTION! Never disconnect the power by pulling the power plug. Always use the
START/STOP switch.
To switch off the HSM appliance from the LunaSH command line, use the command sysconf appliance
poweroff.
Reboot
To perform a system restart, you can switch the power off and then on again using the momentary-contact
START/STOP switch on the front panel of the system, or issue the sysconf appliance reboot command.
To switch off the system, issue the sysconf appliance poweroff command, or use the START/STOP switch
on the SafeNet Luna Network HSM front panel:
>If you issue the poweroff command, the system requests that you confirm by typing "proceed". After you
type "proceed", the system returns a success message. From that point the orderly shutdown takes 15 to
20 seconds.
>After you momentarily press and release the START/STOP switch, the system performs a graceful
shutdown, which takes 15 to 20 seconds.
If the system does not appear to be properly shutting down, then press and hold the front-panel START/STOP
switch, which forces an immediate shutdown. This is not normally required, and should never be done unless it
is required, since it bypasses the normal, graceful file-system closing and shutdown procedure.
Hard Reboot
The commands sysconf appliance reboot and sysconf appliance poweroff are preferred when you have
easy physical access to the appliance, because they perform orderly shutdown, but you can access the
START/STOP button if the commands fail.
For situations where you do not have convenient local access to the START/STOP button on the appliance, the
preferred command choice is sysconf appliance hardreboot.
>The disadvantage is that the shutdown is abrupt and not orderly - in a constrained and hardened system
like SafeNet Luna Network HSM, any risk is minimal, but not zero.
SafeNet Luna Network HSM 7.3 Appliance Administration Guide
007-013576-005 Rev. A 13 December 2019 Copyright 2001-2019 Thales 20
Table of contents
Other Thales Security System manuals
Popular Security System manuals by other brands
DPS Telecom
DPS Telecom NetGuardian 480 user manual
Honeywell
Honeywell LYNX Touch L7000 Series quick guide
Teletek electronics
Teletek electronics CM 120 R Installation and programming manual
MOOSE
MOOSE Z700 Installation and programming guide
EVA Logik
EVA Logik ZW15 manual
Honeywell
Honeywell Galaxy 8 user guide
Radio Shack
Radio Shack Wireless Key-Lock Door/Window Alarm 49-118 user guide
Federal Signal Corporation
Federal Signal Corporation e-Q2B Installation maintenance and service manual
Aiphone
Aiphone AVD-S Specifications
Cooper Security
Cooper Security Scantronic i-on160EXEUR User & Administrator Guide
Smanos
Smanos X300 user manual
Pyronix
Pyronix HOMECONTROLHUB user guide
