SafeNet Luna SA Configuration Manual page 66


Note: You can also make additional copies of a PED Key at any time, using the PED's own
"Admin" menu. This does not require you to log into the HSM or issue commands from the
appliance - the PED needs to be connected only to have power supplied to it when you are
using the onboard PED menus. One implication of this ability is that you must maintain strict
oversight and control of your PED Keys at all times, so that you can be sure that you know how
many copies of a given PED Key exist, where they are, and in whose possession.

Creating a Cloning Domain

You either create a new domain for future cloning of the HSM, or you adopt the domain from a previous token or Luna HSM, so
that the current Luna HSM (or token) can clone with the previous one. A common domain (shared between the HSM and the
Backup HSM) is required for HSM backups.
If the red PED Key is blank, then Luna PED goes ahead and imprints a domain, which is matched on the HSM.
However, if Luna PED detects that the red PED Key contains data, then Luna PED now needs to know:

a. If the domain data on the key should be preserved as valid, and recorded on the current HSM or token
[What to do - This allows the PED Key to work with both the previous and the current HSM or token – that is, they will
all share the same cloning/backup domain. Therefore, to preserve the existing domain answer "YES" to "...reuse an
existing keyset?"]

OR

b. If the domain data that was found on the red key must be overwritten with a new domain that is exclusive to the
current HSM or token
[What to do - This prevents the red key from working with any previous HSM or token. To overwrite and create a new
domain that applies to only this HSM, answer "NO" to "... reuse an existing keyset?"].

About Backup HSMs - Always choose to 'reuse' when initializing a Luna Backup HSM, so that the backup HSM will
share the domain with the source Luna HSM, and so that the red Domain PED Key remains usable with the Luna HSM.
(You do not want the red PED Key to be overwritten when creating a backup.)

At this point in the process of configuring your Luna HSM, you can optionally modify some of the HSM's Policy settings,
or go directly to "Creating HSM Partitions".

Luna SA Configuration Guide
Release 5.4.1 007-011136-007 Rev C July 2014 Copyright 2014 SafeNet, Inc. All rights reserved.
CHAPTER 3 HSM Initialization
66
