Prerequisites
Before you proceed with the integration, complete the following tasks:
Configure Luna HSM
If you are using a Luna HSM, ensure the following:
- 
Ensure the HSM is set up, initialized, provisioned and ready for deployment. Refer to the configuring Luna HSM section for more information. 
- 
Create a partition on the Luna HSM for use with SafeNet Authentication Service (SAS). 
- 
If you are using a Luna Network HSM, register a client for the system and assign the client to each partition to create an NTLS connection for the three partitions. Initialize the Crypto Officer and Crypto User roles for each registered partition. 
- 
Ensure that each partition is successfully registered and configured. The command to see the registered partitions is: C:\Program Files\SafeNet\LunaClient>lunacm.exelunacm (64-bit) v10.2.0-111. Copyright (c) 2020 SafeNet. All rights reserved.Available HSMs:
 Slot Id -> 0
 Label -> SAS_PCE_Par
 Serial Number -> 1238696045103
 Model -> LunaSA 7.4.0
 Firmware Version -> 7.4.0
 Configuration -> Luna User Partition With SO (PW) Key Export
 with Cloning Mode
 Slot Description -> Net Token Slot
 FM HW Status -> FM Ready
 Current Slot Id: 0
- 
For PED-authenticated HSM, enable partition policies 22 and 23 to allow activation and auto-activation. Follow the configuring Luna HSM section for detailed steps for creating NTLS connection, initializing the partitions, and various user roles. 
Configure Luna HSM HA (High-Availability)
Please refer to the Luna HSM documentation (add reference) for HA steps and details regarding configuring and setting up two or more HSM appliances on Windows and UNIX systems. You must enable the HAOnly setting in HA for failover to work so that if primary stop functioning for some reason, all calls automatically routed to secondary till primary starts functioning again.
This integration is tested in both HA and FIPS mode.
Set up SafeNet Authentication Service (SAS)
Please refer to the SafeNet Authentication Service (SAS) Documentation (add reference) for installing and configuring the product. You can download SafeNet Authentication Service (SAS) from the Thales support site using the link given below:
https://supportportal.thalesgroup.com/csm
https://<hostname or IP address>/console
