Integration Prerequisites
Before you begin working through a Luna HSM integration guide, take a few minutes to confirm that your environment is fully prepared and accessible. The integration guides are designed to be execution-focused and assume that the Luna platform, partition, and client configuration are already in place. If any foundational setup is incomplete, you may encounter errors during integration and need to pause for remediation. Reviewing the prerequisites below helps ensure a smoother and more predictable integration experience.
Initialize and Validate Your Luna HSM
Ensure that your Luna Network HSM appliance or Luna Cloud HSM service has been installed, initialized, and placed into an operational state according to the official Luna documentation. This section focuses strictly on appliance or service readiness. Verify the following:
-
The HSM appliance or Luna Cloud HSM service is powered on and reachable
-
Initial setup and provisioning have been completed
-
The firmware version is visible and operating normally
-
The HSM reports no hardware or security errors
-
The HSM is operating in the intended security mode (FIPS or non-FIPS, if applicable)
-
You have reviewed the official Luna product documentation and confirmed that all baseline setup steps are complete
Prepare a Dedicated Partition for the Application
Most integrations use a dedicated Luna partition to isolate application keys and simplify role management. This section focuses strictly on partition readiness. Verify the following:
-
A dedicated partition has been created for the application
-
The partition label and serial number are documented
-
The Crypto Officer (CO) role has been initialized
-
The Crypto User (CU), if required by your integration, has been created
-
Partition credentials are securely stored and available
-
You can log in to the partition successfully from an authorized client
Install and Register the Luna Client and Required Interfaces
Before starting the integration guide, ensure that the Luna client software is installed on the system where the third-party application will run and that it is properly registered to the HSM. This section focuses on host-side readiness and cryptographic interface availability. Verify the following:
-
The correct Luna client version is installed on the integration host
-
The HSM is reachable from the integration host over the network
-
The client has been successfully registered to the HSM (NTLS for on-premise deployments)
-
The client configuration reflects the correct HSM IP address or Cloud endpoint
-
Running
lunacmshows the expected HSM serial number and partition slot -
You can successfully log in to the required partition from the integration host
-
The cryptographic interface required by your integration (PKCS#11, JCE, CSP/KSP, EKM, etc.) is installed
-
Required provider libraries (for example,
cryptoki.dll,libCryptoki2.so, JCE provider JARs, CSP/KSP modules, or EKM provider libraries) are present and accessible in the expected system path -
Basic validation using the required interface (such as listing slots, enumerating keys, or confirming provider registration) completes successfully
Align Platform Versions with the Integration Guide
Before beginning the integration, carefully review the Supported Platforms section in the specific integration guide you are using. Each guide lists the operating systems, Luna firmware versions, client versions, and third-party application versions that were tested and validated. Verify the following:
-
Your operating system version matches a supported platform listed in the integration guide
-
Your Luna firmware version matches a tested and supported release
-
Your Luna client version aligns with the integration guide requirements
-
The third-party application version matches one of the validated configurations
-
Any firmware-level mechanism restrictions noted in the guide have been reviewed
-
If operating in FIPS mode or HA, the integration guide confirms support for those configurations
Version mismatches are one of the most common causes of integration issues. Confirming compatibility upfront can prevent unnecessary troubleshooting later.
Enable Required Security Modes and High Availability (If Applicable)
If your organization operates in FIPS mode, uses High Availability (HA), or requires specific security policies, confirm that these configurations have been fully enabled and validated before starting the integration. Verify the following:
-
The HSM is operating in the intended security mode (FIPS or non-FIPS)
-
If FIPS mode is required, the HSM has been properly configured and rebooted into FIPS mode
-
Required client-side configuration settings for FIPS mode are applied (if applicable)
-
If HA is configured, the HA group is correctly set up
-
The HA group is visible from the client
-
Failover has been tested to confirm continuity of cryptographic operations
-
Any required partition policies or cloning settings are configured as expected
Begin the Integration
Once the above items are confirmed, you are ready to begin the integration. Navigate to the Luna HSM Integrations page and select the integration guide relevant to your application. Follow the documented steps in order. With the foundational setup already complete, you can focus entirely on the application configuration and key management tasks described in the guide.