Application Partitions

The Luna Network HSM 7 has two types of partition:

> one administrative partition, created when you initialize the HSM. The administrative partition is owned by the HSM Security Officer (SO). This partition is used by the HSM SO and the Auditor, and is not used to store cryptographic objects. Operations on the administrative partition are handled using LunaSH.

> at least one application partition, created by the HSM SO. The application partition is owned by its Partition Security Officer (PO), and has its own access controls and security policies independent from the administrative partition and other application partitions. Its function is to store cryptographic objects used by your applications.

An application partition is like a safe deposit box that resides within a bank's vault. The HSM (vault) itself offers an extremely high level of security for its contents. An application partition (safe deposit box) on the HSM has its own security and access controls, so that even though the HSM SO has access to the vault, they still cannot access the contents of the individual partitions. Only the Partition Security Officer holds the partition's administrative credentials.

Depending on your Luna Network HSM 7 model and the number of additional partition licenses you have purchased, you can create anywhere from 5 to 100 application partitions on the HSM. Each partition can store cryptographic objects according to the amount of memory you assign. The HSM SO can customize the size of individual partitions until all the memory on the HSM is allotted. To purchase additional partition licenses, see Upgrading HSM Capabilities and Partition Licenses.

This chapter contains the following procedures for managing application partitions:

> Creating or Deleting an Application Partition

> Customizing Partition Sizes