SafeNet Luna Network HSM 7.0
Installation Guide

Summary of Contents for Gemalto SafeNet Luna Network HSM 7.0

  • Page 1 SafeNet Luna Network HSM 7.0 Installation Guide...
  • Page 2 Initial release. Trademarks, Copyrights, and Third-Party Software Copyright 2001-2017 Gemalto. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether registered or not in specific countries, are the property of their respective owners.
  • Page 3 Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect.
  • Page 4 Regulatory Compliance This product complies with the following regulatory regulations. To ensure compliancy, ensure that you install the products as specified in the installation instructions and use only Gemalto-supplied or approved accessories. USA, FCC This equipment has been tested and found to comply with the limits for a “Class B” digital device, pursuant to part 15 of the FCC rules.
  • Page 5: Table Of Contents

    Windows SafeNet Luna HSM Client Installation Required Client Software Prerequisites Installing the Luna HSM Client Software Java CSP and KSP Uninstalling or Modifying the SafeNet Luna Client Software SafeNet Luna Network HSM Installation Guide Release 7.0 007-013576-002 Rev. A June 2017 Copyright 2001-2017 Gemalto All rights reserved.
  • Page 6 Installing the Luna HSM Client for the SafeNet Luna Backup HSM Installing the Luna HSM Client for Remote PED Uninstalling the Luna HSM Client
  • Page 7: Preface

    SafeNet Luna HSM users and security officers, key manager administrators, and network administrators. All products manufactured and distributed by Gemalto are designed to be installed, operated, and maintained by personnel who have the knowledge, training, and qualifications required to safely perform the tasks assigned to them.
  • Page 8: Document Conventions

    In command descriptions, angle brackets represent variables. You must substitute a value for command line arguments that are enclosed in angle brackets.
  • Page 9: Support Contacts

    Base. To create a new account, click the Register link at the top of the page. You will need your Customer Identifier number.
  • Page 10: SafeNet Luna Network HSM Hardware Installation

    "Rack-Mounting the SafeNet Luna Network HSM" on page 3. Install and connect the hardware, as described in "Installing the SafeNet Luna Network HSM Hardware" on page
  • Page 11: SafeNet Luna Network HSM Required Items

    One for each power supply, with connectors appropriate to your region of operation. Adapter Cable: RJ45 to USB with a standard eight-pin, eight connector (8P8C) modular connector
  • Page 12 4x bracket screws Mounting Bracket Set "Using the Supplied Mounting Brackets" on page 16 for installation instructions. Set includes: • 2x side rails
  • Page 13: PED-Authenticated SafeNet Luna Network HSM Order Items

    Item Standard or Remote-Capable Luna PED Your order should include at least one PED device.
  • Page 14 The power supply is auto-sensing and includes replaceable mains plug modules for international use. Set of PED Keys and Labels
  • Page 15: Optional Items

    • 2x transformer brackets • 4x round-headed mounting screws • 4x flat-headed mounting screws • 6x rail screws SafeNet Luna Backup HSM
  • Page 16: Rack-Mounting the SafeNet Luna Network HSM

    To mount the SafeNet Luna Network HSM hardware: 1. Install the two front ear mounting brackets on the HSM chassis using the included screws and a #2 Phillips
  • Page 17 To avoid this, use only the screws included with the mounting bracket set.
  • Page 18 CAUTION: Support the weight of the appliance with the hydraulic lift until all four brackets are secured. 7. Secure the front ear brackets using the last four included rack mounting screws.
  • Page 19: Using The Optional Sliding Rail System

    2. Fit the front end of each mount into either side of the rack and pull the spring-loaded latch at the rear to snap it in place.
  • Page 20 4. Fasten the transformer bracket to each sliding mount with the remaining two wide flat-headed screws. 5. Loosely thread two of the six smaller flat-headed screws into each side of the SafeNet Luna Network HSM. Fit
  • Page 21 Note: Use only the screws included with the SafeNet Luna Network HSM. Screws that are too large can prevent the locking bezel from fitting to the faceplate.
  • Page 22 "Installing the SafeNet Luna Network HSM Hardware" on the next page to continue the installation process.
  • Page 23: Installing the SafeNet Luna Network HSM Hardware

    For proper redundancy and best reliability, the power cables should connect to two completely independent power sources. 2. If you have a PED-authenticated SafeNet Luna Network HSM, connect the PED directly to the HSM card's USB
  • Page 24 RJ45 adapter cable (supplied). This terminal provides serial access to LunaSH for initial network configuration. See "Open a Connection" on page 1 for more information.
  • Page 25 Note: Leaving the keys in the bezel may interfere with closing the rack door and compromise security.
  • Page 26: SafeNet Luna Remote PED Installation and Configuration

    PED (Remote PED Capable and with firmware 2.7.1 or newer) PED Power Supply kit with replaceable mains plug modules for international use (required when the PED is operated in Remote PED mode)
  • Page 27 Cable, Data, 9-pin, Micro-D to Micro-D connectors (for local PED operation prior to HSM firmware versions 7.x.). Ten-pack of iKey 1000 PED keys, and sheets of peel-and-stick labels
  • Page 28: Remote PED Setup

    Connect the PED directly to the HSM that you will later be using remotely. Connect the PED to the power supply.
  • Page 29 2. Choose a plug style that is appropriate for your country and place it in the power supply, top end first, then snap the
  • Page 30 8. Perform an hsm login or role login -name SO (as appropriate). The PED prompts for the Remote PED key. Insert the imprinted Remote PED key associated with the connecting HSM appliance, and press Enter.
  • Page 31 Remote PED session from the PED Server side, providing that the computer hosting the PED has obtained and registered the SafeNet Luna Network HSM's server.pem certificate.
  • Page 32: SafeNet Luna HSM Client Software Installation

    Note: Not all operating systems are supported for each SafeNet Luna HSM type. Refer to the Customer Release Notes (see "Customer Release Notes" on page 7) for the most current information on supported platforms.
  • Page 33: Linux SafeNet Luna HSM Client Software Installation

    32-bit Client on 64-bit RedHat 6 Before installing the 32-bit Client on 64-bit OS, you must enter the following commands: yum install glibc.i686 yum upgrade libstdc++
  • Page 34: Installing The Client Software

    Enter. As each item is selected, the list updates, with a * in front of any item that has been
  • Page 35: Controlling User Access to Your Attached HSMs and Partitions

    1. Ensure that you have sudo privileges on the client workstation. 2. Add a user to the hsmusers group: sudo gpasswd --add <username> hsmusers
  • Page 36: Uninstalling The Client Software Or Removing Components

    Java (JDK or run-time environment from the vendor of your choice) onto your system. Refer to the Customer Release Notes for supported JDKs.
  • Page 37: Scripted Or Unattended Installation

    - Luna Client install through menu install.sh help - Display scriptable install options install.sh all - Complete Luna Client install
  • Page 38: Interrupting The Installation

    (UPS). If you press [CTRL] [C], or otherwise interrupt the installation (OS problem, power outage, other), some components will not be installed. It is not possible to resume an interrupted install process. The result of an
  • Page 39 (following an interrupted installation, as described), you would need to uninstall everything first. If sh uninstall.sh is unable to do it, then you must uninstall all packages manually.
  • Page 40: Windows SafeNet Luna HSM Client Installation

    For compatibility of our HSMs with Windows in general, we provide both 32-bit and 64-bit libraries and tools for use with your applications as appropriate. Hardware drivers are 64-bit only.
  • Page 41 2. Uninstall any previous versions of the Client software before you proceed (see "Uninstalling or Modifying the SafeNet Luna Client Software" on page 46). 3. Download the Luna HSM Client from the Gemalto Support Portal at https://supportportal.gemalto.com and extract the .zip to an appropriate folder.
  • Page 42 Use the + icon to show which components are included. Install all of the components for the product. Do not install this component.
  • Page 43 10. If Windows presents a security notice asking if you wish to install the device driver from SafeNet, click Install to accept.
  • Page 44: Java

    Java 7 and Java 8 Library Path Issue Gemalto has traditionally recommended that you put LunaAPI.dll in the <java_install_dir>/lib/ext folder. However, Java 7 and Java 8 for Windows have removed that directory from the Java library path. As a result, when a Java 7 or Java 8 application on Windows uses the SafeNet provider, it cannot find the LunaAPI.dll library, causing the...
  • Page 45 Occasional problems have been encountered with respect to IBM JSSE. GNU JDK shipped with most Linux systems has historically been incomplete and not suitable.
  • Page 46: CSP and KSP

    To uninstall the Luna HSM client software: 1. Run the LunaHSMClient.exe program again. Because the software is already installed on your computer, the following dialog is displayed:
  • Page 47: After Installation

    Another approach might be possible. If you have sufficient elevated permissions, you might be able to right-click and open a Command Prompt window as Administrator.
  • Page 48 PedClient. See "Scripted/Unattended Windows Installation/Uninstallation" on the next page for instructions on how to install the client software from the command line.
  • Page 49: Scripted/Unattended Windows Installation/Uninstallation

    JCPROV component for the SafeNet Luna Network HSM For example, the following command installs the base software and all of the optional components:
  • Page 50: Installing the Luna HSM Client for the SafeNet Luna PCIe HSM

    Use the ADDLOCAL=USB flag to install the base client software for the SafeNet Luna USB HSM. Include the flags listed below to install any optional software components you desire. The base software must be installed first.
  • Page 51: Installing the Luna HSM Client for the SafeNet Luna Backup HSM

    LunaHSMClient.exe /install /l install.log /quiet /norestart ADDLOCAL="RB" • Install the base Luna HSM Client software and the following optional component for the SafeNet Luna USB HSM:
  • Page 52: Installing the Luna HSM Client for Remote PED

    The uninstall.log file is required only if troubleshooting an issue with Technical Support. To uninstall the Luna HSM Client From the location of LunaHSMClient.exe run the following command: LunaHSMClient.exe /uninstall /quiet /l uninstall.log
