Luna HSM Client 7.2.0

Luna HSM Client 7.2.0 was released in May 2018.

NOTE This version of Luna HSM Client is compatible with Luna HSMs with firmware 6.2.1 and newer. Features that do not have client version dependencies will function without issue. However, Thales has some recommendations when using certain firmware versions. See General Version Compatibility Recommendations.

New Features and Enhancements

Luna HSM Client 7.2.0 includes the following new features and enhancements:

Enhanced Version Compatibility

Version 7.2 and newer Luna HSM Client can be used with HSMs running Luna 6.2.1 or higher, or any Luna 7 version, without conflict. Luna HSM Client 7.2 and newer versions can coexist in large deployments. You can schedule client roll-outs at your convenience, without need to match versions across your organization. Future HSM features that do not have client-version dependencies will function without issue.

Mixed-Version HA Groups

HA groups containing both Luna Network HSM 7 6 and 7 partitions are now supported using Luna HSM Client 7.2 or newer. This mixed-version configuration is useful for migrating keys to a new Luna Network HSM 7 7, or to gradually upgrade your production environment from Luna 6 to Luna 7.

Improved Client Installer with User-Defined Install Paths (Windows)

Luna HSM Client can be installed at user-selected locations (file paths with sufficient space), and installed Client software can be modified without uninstalling and reinstalling.

User-Defined Client Install Paths (Linux)

Linux root-level users can install the Luna HSM Client software to an installation directory of their choice.

Minimal Client (Linux)

The Luna Minimal Client for Linux provides only the files needed to use an application with a partition on a Luna Network HSM 7 for deployment in Docker containers and similar microservice environments. The Luna Minimal Client can be installed on a workstation without root access.

Initialize the Orange RPV Key Remotely

You can now initialize the Luna Network HSM 7's Remote PED Vector (orange key) using a Luna PED connected to a remote workstation running PEDserver. A one-time numeric password is used to authenticate the Remote PED to the HSM before initializing the RPV. This optional method is useful if the HSM SO only has remote SSH access to the appliance. The HSM must be in a zeroized state (uninitialized), for security. Your firewall settings must allow an HSM-initiated Remote PED connection.

See Initializing the Remote PED Vector and Creating an Orange Remote PED key.

This feature also requires Luna Appliance Software 7.2.0.

Auto-Enabled HA Logging

Luna HSM Client now automatically enables HA logging, either when you create the first HA group, or when you update the Luna HSM Client to 7.2.0 and it detects a previously-configured HA group. If you manually turn HA logging off, logging is not auto-enabled for new HA groups.

Supported Operating Systems

You can install the Luna HSM Client 7.2.0 on the following operating systems:

Operating System	Version	64-bit applications on 64-bit OS	32-bit applications on 64-bit OS	32-bit applications on 32-bit OS
Windows	10	Yes	Yes	No
Windows Server	2016	Yes	Yes	No
Windows Server	2012 R2	Yes	Yes	No
Redhat-based Linux (including variants like CentOS and Oracle Enterprise Linux)	7	Yes	Yes	Yes
	6	Yes	Yes	Yes
AIX **	7.1	Yes	No	No
Solaris (SPARC/x86) **	11	Yes	No	No
Ubuntu *	14.04	Yes	No	Yes

* The Linux installer for Luna HSM Client software is compiled as .rpm packages. To install on a Debian-based distribution, such as Ubuntu, alien is used to convert the packages. We used build-essential:

apt-get install build-essential alien

If you are using a Docker container or another such microservice to install the Luna Minimal Client on Ubuntu, and your initial client installation was on another supported Linux distribution as listed above, you do not require alien. Refer to the product documentation for instructions. You might need to account for your particular system and any pre-existing dependencies for your other applications.

** Although the AIX and Solaris installers display the options, Luna PCIe HSM 7 and Luna USB HSM 7 are not supported in this release. Select only Luna Network HSM during installation.

Supported Cryptographic APIs

Applications can perform cryptographic operations using the following APIs:

>PKCS#11 2.20

>Java 7/8/9

>OpenSSL

>Microsoft CAPI

>Microsoft CNG

Advisory Notes

This section highlights important issues you should be aware of before deploying Luna HSM Client 7.2.0.

STC over IPv6 is Unavailable

STC client-partition links are not available over an IPv6 network.



	SUPPORT	LEGAL
Luna Network HSM 7 Documentation © Copyright 2001-2024, Thales Group Last Updated: 2024-04-26 12:02:08 GMT-04:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Third Party Software Licenses Document Information