Appliance Administration

There are several ways to access your Luna Network HSM 7 appliance to perform administrative operations, depending on what works best for you and your organization. They include:

>Luna Shell (LunaSH): a custom command-line interface that can be accessed by using any SSH-capable utility.

>Luna REST API: a secure web application that can perform many LunaSH functions via scriptable REST APIs.

>Thales Crypto Command Center: a web-based application that provides separate administrative and application owner interfaces.

The LunaSH command line interface is the standard secure interface with which you can perform operations on your HSM. It creates a secure administration channel for administrative sessions only. The REST API is specifically tailored for the management of your appliance, and does not allow applications to perform cryptographic operations. Crypto Command Center is a web-based application that facilitates rapid service provisioning and deployment. Each of these administrative interfaces allows you to efficiently manage your appliance in different ways.

For detailed instructions on using the LunaSH command line, see About the LunaSH Command Reference.

For the REST API, see REST API References.

For the Thales Crypto Command Center application, refer to the CCC product documentation.

Appliance Management

The Luna Network HSM 7 appliance comes equipped with features that prevent attackers from stealing your proprietary information. Some of these features need to be maintained for maximum protection, and doing so is simple and efficient.

Physical Maintenance

Physical maintenance, such as replacing power supplies and fans, does not require you to turn off your HSM. This allows you to continue working, and return to the appliance as you left it once you finish maintenance.

Appliance Roles and Users

Appliance roles, users, and time are configured independently from the HSM (cryptographic module) inside the appliance. This separation of duties helps keep the environment secure and makes it easy to delegate responsibilities to personnel as you wish.

When you log in to the Luna appliance via LunaSH, the default IDs are admin, which requires the admin password; operator, which requires the operator password; and monitor, which requires the monitor password. You can also create custom named roles with the privileges of each of these IDs, or with access to a subset of specific commands only.

As the appliance admin, you can connect and log in locally, via a serial terminal, or remotely via SSH. With no further authentication, admin can perform general, appliance-level administration (not accessing the HSM), and can run view/list/show/display commands on the HSM that do not make changes. Admin sees the full available command set, while operator, monitor, and custom users see only subsets that allow them use of, or read-only access to, the appliance, respectively.

Appliance Authentication

If any administrative user attempts an HSM command that needs authentication, the interface prompts for that authentication. On multifactor quorum-authenticated systems, you are directed to the Luna PED, which prompts for PED keys and keypad actions.

The way you manage and configure your appliance is flexible, adapting to your needs.