Dynamic Partition Loading for Luna Cloud HSM Services

Luna HSM Client 10.5.0 and newer provide dynamic partition loading for Luna Cloud HSM services. Dynamic partition loading allows you to add additional sets of client UserIDs (each a combination of a unique AuthTokenClientID, AuthTokenClientSecret and AuthTokenConfigURI) to the Chrystoki.conf or crystoki.ini file and access the added partitions automatically, without restarting LunaCM or impacting other applications using LunaCM. Deleted partitions are not removed from the LunaCM list until you restart LunaCM.

By default, a maximum of 100 client UserID sets can be added to a Chrystoki.conf or crystoki.ini file. For more information about configuring the maximum number of client UserIDs, see MaxUserIDCount in the Configuration File Summary.

Prerequisites

- Luna HSM Client 10.5.0 or newer, as one of the following:

  - An HSM client downloaded from the Thales Support Portal. If using an HSM client, this procedure assumes that you have already set up your HSM client on your Windows or Linux workstation. In addition, this procedure requires the REST and XTC sections of the Luna Cloud HSM service to be available in the client configuration file. See Adding a Luna Cloud HSM Service for more information about adding your first Luna Cloud HSM service and the necessary configuration file entries to an existing HSM client.

    - Windows Interactive Luna HSM Client Installation

    - Linux Luna HSM Client Installation

  - A minimal client downloaded from Thales Data Protection on Demand.

- A Luna Cloud HSM service partition to load dynamically.

- If the HSM client is not installed at the default location, ChrystokiConfigurationPath must be set so that the Luna Cloud HSM service uses the correct location.

To dynamically load a partition

1. Open the client configuration file (Chrystoki.conf on Linux, or crystoki.ini/crystoki-template.ini on Windows) of the HSM client to which you are adding the Luna Cloud HSM service partition in a text editor.

2. In the REST section, add the three client UserID values for the new partition. Append the same unique number to each of the three key names (for example AuthTokenConfigURI2, AuthTokenClientId2, AuthTokenClientSecret2) so that the values are associated with each other as one set.

TIP   The client UserID values can be accessed from the Chrystoki.conf (Linux) or crystoki.ini/crystoki-template.ini (Windows) configuration files included in the Luna Cloud HSM service client package.

Linux example:

REST = {
AuthTokenConfigURI=********
AuthTokenClientId=********
AuthTokenClientSecret=********
AuthTokenConfigURI2=********
AuthTokenClientId2=********
AuthTokenClientSecret2=********
AuthTokenConfigURI3=********
AuthTokenClientId3=********
AuthTokenClientSecret3=********
RestClient=1 
ClientTimeoutSec=120
ClientPoolSize=32
ClientEofRetryCount=15
ClientConnectRetryCount=900
ClientConnectIntervalMs=1000
PartitionData00=1334054167371, na.hsm.dpondemand.io, 443
SSLClientSideVerifyFile=.\\server-certificate.pem;
}

Windows example:

[REST]
AuthTokenConfigURI=********
AuthTokenClientId=********
AuthTokenClientSecret=********
AuthTokenConfigURI2=********
AuthTokenClientId2=********
AuthTokenClientSecret2=********
AuthTokenConfigURI3=********
AuthTokenClientId3=********
AuthTokenClientSecret3=********
RestClient=1 
ClientTimeoutSec=120
ClientPoolSize=32
ClientEofRetryCount=15
ClientConnectRetryCount=900
ClientConnectIntervalMs=1000
PartitionData00=1334054167371, na.hsm.dpondemand.io, 443
SSLClientSideVerifyFile=.\\server-certificate.pem;

3. Execute the "slot list" command in LunaCM to display the additional partitions.

TIP   Additional sets of client UserIDs can be exported and secured as described in Configuration File Summary.
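A mistake that is easy to make in step 2 is a set whose three keys do not share the same numeric suffix, or a suffix that is already in use. The following Python helper is an added example, not Thales code: it parses the REST section in either the Linux brace syntax or the Windows [REST] syntax, groups the AuthToken* keys by suffix, reports incomplete sets, picks the first unused suffix for a new set and inserts the three lines after the existing ones. The two sample configurations and all UserID values in it are constructed placeholders, and it assumes that every set, including the unnumbered first one, counts toward MaxUserIDCount (default 100 as stated above).

```python
"""Check and extend the client UserID sets in a Luna HSM Client REST section.
Added example (not Thales code); sample configs and values are constructed."""
import re
from collections import defaultdict

KEYS = ("AuthTokenConfigURI", "AuthTokenClientId", "AuthTokenClientSecret")
# key name, optional numeric suffix, value; a trailing ';' (Linux syntax) is tolerated
KEY_RE = re.compile(
    r"^(AuthTokenConfigURI|AuthTokenClientId|AuthTokenClientSecret)(\d*)\s*=\s*(.*?)\s*;?\s*$"
)
SECTION_RE = re.compile(r"^REST\s*=\s*\{$")  # Linux "REST = {" header
DEFAULT_MAX_USER_IDS = 100  # page default for MaxUserIDCount (assumption: all sets count)

# Constructed Linux-style sample: first (unnumbered) set plus set 2.
SAMPLE_CONF = """\
Chrystoki2 = {
   LibUNIX64 = /usr/safenet/lunaclient/lib/libCryptoki2_64.so;
}
REST = {
AuthTokenConfigURI=https://example.invalid/cfg1
AuthTokenClientId=client-one
AuthTokenClientSecret=secret-one
AuthTokenConfigURI2=https://example.invalid/cfg2
AuthTokenClientId2=client-two
AuthTokenClientSecret2=secret-two
RestClient=1
PartitionData00=0000000000000, hsm.example.invalid, 443
}
"""

# Constructed Windows-style sample where set 3 is missing its secret.
SAMPLE_INI = """\
[REST]
AuthTokenConfigURI=https://example.invalid/cfg1
AuthTokenClientId=client-one
AuthTokenClientSecret=secret-one
AuthTokenConfigURI3=https://example.invalid/cfg3
AuthTokenClientId3=client-three
RestClient=1
[XTC]
Enabled=1
"""


def _section_lines(text):
    """Yield (index, stripped line) for every line inside the REST section."""
    inside = False
    for i, raw in enumerate(text.splitlines()):
        line = raw.strip()
        if not inside:
            if SECTION_RE.match(line) or line == "[REST]":
                inside = True
            continue
        if line == "}" or line.startswith("["):  # end of either syntax
            break
        yield i, line


def userid_sets(text):
    """Group AuthToken* keys by suffix; suffix '' is the unnumbered first set."""
    sets = defaultdict(dict)
    for _, line in _section_lines(text):
        m = KEY_RE.match(line)
        if m:
            key, suffix, value = m.groups()
            sets[suffix][key] = value
    return dict(sets)


def incomplete_sets(sets):
    """Suffixes whose three keys are not all present."""
    return sorted(s for s, kv in sets.items() if set(kv) != set(KEYS))


def next_suffix(sets):
    """First unused number from 2 upward (the unnumbered set is treated as set 1)."""
    used = {int(s) for s in sets if s}
    n = 2
    while n in used:
        n += 1
    return n


def build_new_set(text, uri, client_id, secret, max_user_ids=DEFAULT_MAX_USER_IDS):
    """Return the three key=value lines for a new set, or raise on a bad config."""
    sets = userid_sets(text)
    bad = incomplete_sets(sets)
    if bad:
        raise ValueError(f"incomplete UserID set(s) with suffix: {bad}")
    if len(sets) >= max_user_ids:
        raise ValueError(f"MaxUserIDCount ({max_user_ids}) already reached")
    n = next_suffix(sets)
    return [f"{KEYS[0]}{n}={uri}", f"{KEYS[1]}{n}={client_id}", f"{KEYS[2]}{n}={secret}"]


def append_set(text, new_lines):
    """Insert the new lines after the last AuthToken* line of the REST section."""
    lines = text.splitlines()
    insert_at = None
    for i, line in _section_lines(text):
        if insert_at is None:
            insert_at = i  # directly after the section header
        if KEY_RE.match(line):
            insert_at = i + 1
    if insert_at is None:
        raise ValueError("no REST section found")
    return "\n".join(lines[:insert_at] + list(new_lines) + lines[insert_at:]) + "\n"


if __name__ == "__main__":
    new = build_new_set(SAMPLE_CONF, "https://example.invalid/cfg3", "client-three", "secret-three")
    print(append_set(SAMPLE_CONF, new))
```

Run the script to see the extended Linux sample; feeding it SAMPLE_INI instead raises a ValueError naming suffix 3, which is the condition you would otherwise only discover when "slot list" fails to show the new partition.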