Luna Appliance Software 7.7.0

Luna Appliance Software 7.7.0 was released in October 2020.

>Download Luna Appliance Software 7.7.0 (includes firmware update to Luna HSM Firmware 7.7.0)

This version also includes Luna Backup HSM 7 Firmware 7.7.1 ready to install (see Updating the Appliance-Connected Luna Backup HSM 7 Firmware).

New Features and Enhancements

Luna Appliance Software 7.7.0 includes the following new features and enhancements:

Scalable Key Storage

Scalable Key Storage is an optional feature that allows off-board storage of keys and objects in quantities greater than the capacity of an HSM - virtually unlimited storage, for use with your RSS (Remote Signing and Sealing) and other applications that require thousands or millions of keys. An SKS Master Key (SMK, which never leaves the HSM) securely encrypts extracted keys and objects, such that they remain within the cryptographic module's security perimeter, and can be reinserted (decrypted inside the HSM) for immediate use by your application.

Preserves key attributes through the life-cycle of a key.

Provides the option of new SKS function, or classic Luna "keys always in hardware" operation, on a partition-by-partition basis.

This feature also requires Luna HSM Firmware 7.7.0 or newer, and Luna HSM Client 10.3.0 or newer.

Per-Key Authorization

Per-Key Authorization allows granular control of key material for applications requiring high assurance by providing authorization on a per-key basis.

This feature also requires Luna HSM Firmware 7.7.0 or newer, and Luna HSM Client 10.3.0 or newer.

STC Usability and eIDAS Compliant Security is Added

STC policy is improved, with fewer steps in setup. The use (and configuration) of Admin channel is removed. The partition identity is now a certificate.

See Client-Partition Connections.

This feature also requires Luna HSM Firmware 7.7.0 or newer, and Luna HSM Client 10.3.0 or newer.

NTLS Appliance Certificates Signed by Third Party CA

Luna Network HSM 7 appliance now allows the use of communications-securing NTLS certificates from third-party Certification Authorities, while continuing to support use of self-signed certificates where desired.

See Creating an NTLS Connection Using Certificates Signed by a Trusted Certificate Authority.

Valid Update Paths

You can update the Luna Appliance Software to version 7.7.0 from the following previous versions:

>7.0.0, 7.1.0, 7.2.0, 7.2.2, 7.3.0, 7.3.1, 7.3.3, 7.3.4, 7.4.0, 7.4.1, 7.4.2

Advisory Notes

This section highlights important issues you should be aware of before deploying Luna Appliance Software 7.7.0.

Change in Network Routing Default Requires Precaution Before Update

A change to network routing when updating to Luna Appliance Software 7.7.0 or newer, from any prior 7.x version, can cause your appliance to become unreachable via network connection. Older appliance versions permitted the existence of multiple default routes. Beginning with Luna Appliance Software 7.7.0, only one instance of the default route can exist.

Options for a successful update with minimal disruption are:

>Remove all but one instance of the ‘default route’, using the network route delete command, before upgrading from any appliance software version older than Luna Appliance Software 7.7.0.

>Connect locally via serial cable to perform the update, so your access to the network appliance is not lost when network connection becomes temporarily unavailable (pending proper network configuration).

Note also that if you re-image, going back to a version older than Luna Appliance Software 7.7.0, the routing table goes back to the old format and you must apply one of the above precautions again, to update.

If the above precautions are not taken and the appliance becomes unreachable, complete the following steps to restore connection to the appliance:

1.Connect locally via serial cable.

2.Delete all network interfaces. See network interface delete.

3.Configure a network interface to use a default route by doing one of the following:

•Configure the network interface to use a static IP configuration while specifying the -gateway option. See network interface static.

•Configure the network interface to use DHCP. See network interface dhcp.

After you complete the above steps, network connectivity to the appliance is restored and any remaining interfaces that are configured do not have a default route set.

Luna Network HSM 7 Reboot Patch is a Prerequisite For Older Appliances

The Luna Network HSM 7 Reboot Patch is a prerequisite for updating to Luna Appliance Software 7.7.0 and newer. Appliances currently shipped from the factory have this patch already installed, but if you have an older appliance, you must first install the patch or the appliance software update will not proceed.

If you already installed the patch to enable an earlier update (7.7.0 or newer), you do not need to install it again.

sysconf snmp trap set command now defaults to "inform"

Previously, sysconf snmp trap set -traptype command would default to "trap". This has changed with Luna Appliance Software 7.7.0; which adds the option "inform", the new default. If you had any scripts that relied on the default setting, they should now be adjusted to explicitly set the -traptype.



	SUPPORT	LEGAL
Luna Network HSM 7 Documentation © Copyright 2001-2024, Thales Group Last Updated: 2024-04-15 13:18:27 GMT-04:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Third Party Software Licenses Document Information