Luna Network HSM Appliance Software 7.7.1

Luna Network HSM 7.7.1 was released in April 2021.

>Download Luna Network HSM Appliance Software 7.7.1 (includes firmware update to Luna HSM Firmware 7.7.1)

New Features and Enhancements

Luna Network HSM 7.7.1 includes the following new features and enhancements:

Network HSM admin can initialize partitions using LunaSH

Luna Shell (LunaSH) on the Luna Network HSM appliance now includes partition init and partition init co commands to initialize a new partition with a Partition Security Officer (PO) identity and a partition Crypto Officer (CO). This addresses situations where the HSM administrator is also the partition owner, and it is convenient to hand off a ready-configured partition for client-side use in LunaCM and applications.

White-listing of permitted IP addresses for SSH access to the Luna Network HSM appliance

Configure and manage SSH access control at the Luna Network HSM appliance, by creating a white list of IP addresses that are permitted to connect to a specified appliance userid via SSH. The sysconf ssh client commands are optional, and can be used to apply an additional layer in your network security.

REST API 10 supports use of third-party certificates

REST API 10.0.0 for Luna Network HSM now allows you to use client certificates signed by a trusted Certificate Authority (CA), which can be a commercial third-party CA or your organization's own signing station. See REST API References.

REST API provides additional capabilities previously available only in LunaSH

REST API 10.0.0 for Luna Network HSM adds equivalents for the LunaSH token backup commands, sysconf config commands, and any status commands and ntls commands not previously included.

SSH inactivity timeout

SSH sessions timeout after 30 minutes of inactivity.

SHA1 ciphers are disabled for SSH

For security reasons, the Luna Network HSM appliance no longer allows a calling system to negotiate down to SHA1 ciphers when setting up SSH sessions.

Mandatory password while creating a LunaSH user

Creation of a user in LunaSH now requires setting an initial password that meets Linux password standards, rather than setting a known disposable value.

Release 7.7.1 Advisory Notes

This section highlights important issues you should be aware of before deploying appliance software 7.7.1.

Luna Network HSM Appliance BIOS and BMC Firmware Update Patch is a Prerequisite

The Network HSM Appliance BIOS and BMC Firmware Update Patch i is a prerequisite for upgrading to Luna Network HSM appliance software 7.7.1 and newer. If your appliance was already at version 7.7.0, then the patch is already installed. If you are updating from an appliance version earlier than 7.7.0, then the patch must be installed before upgrading to 7.7.1 or newer.

CAUTION!   The Network HSM Appliance BIOS and BMC Firmware Update Patch must be installed over SSH only. Installation over a serial port connection will fail.

sysconf snmp trap set command now defaults to "inform"

Previously, sysconf snmp trap set -traptype command would default to "trap". This has changed with release 7.7.0; which adds the option "inform", the new default. If you had any scripts that relied on the default setting, they should now be adjusted to explicitly set the -traptype.

Release 7.7.1 Valid Update Paths

You can update the Luna Network HSM appliance software to version 7.7.1 from the following previous versions:

>7.0.0, 7.1.0, 7.2.0, 7.2.2, 7.3.0, 7.3.1, 7.3.3, 7.3.4, 7.4.0, 7.4.1, 7.4.2, 7.7.0