Deploying the Appliance
This section describes how to deploy the NextGen KeySecure k570 Appliance. This section consists of the
following sub-sections:
>
"Initializing the SafeNet Luna PCIe HSM Card"below
>
"Resetting the Crypto Officer Password"on page29
>
"Activating the Appliance"on page31
>
"Configuring the HSM as Root of Trust"on page33
Initializing the SafeNet Luna PCIe HSM Card
The k570 Appliance includes a SafeNet Luna PCIe HSM card. As the System Administrator (ksadmin), use one
of the following procedures:
>
"Initializing the HSM Card in a PED-authenticated appliance"below
>
"Initializing the HSM Card in a Password-authenticated appliance"on page28
Initializing the HSM Card in a PED-authenticated appliance
1. As the System Administrator (ksadmin), SSH in to the appliance (or connect via serial port using your
password) and execute the "/usr/safenet/lunaclient/bin/lunacm" utility.
The utility displays information on the detected HSM card and allows you to execute various HSM
management commands.
NOTE Refer to the Gemalto Luna PCIe HSM documentation for more details on these
HSM commands.
2. Make sure an HSM admin slot is selected.
Optional:
To see the available slots, enter:
lunacm:> slot list
Look for a slot with description "Admin Token Slot".
To select the active slot, enter:
lunacm:> slot set -slot <number>
3. Re-initialize the HSM Card.
lunacm:> hsm factoryReset
KeySecure k570 Appliance : Installation Guide
16 June 2020,Copyright© 2020 Thales Group.All rights reserved.
26
To Next Page
Loading...