Open topic with navigation
Luna SA Online Help
The SafeNet Luna SA is an Ethernet-attached HSM (Hardware Security Module) Server designed to protect critical cryptographic keys and to accelerate sensitive cryptographic operations across a wide range of security applications. The Luna SA includes many features that increase security, connectivity, and ease-of-administration in dedicated and shared security applications.
The Luna SA comes in one of two model families, according to the level of authentication and access control. Your Luna SA was factory configured to operate as either:
The standard appliance is the 1U-high, rackmount, RoHS-compliant (Reduction of Hazardous Substances) device:
which replaces the Luna SA 4.x device.
Here are some of the important physical features of the Luna SA appliance.
First, the front (this illustration shows the appliance with its decorative bezel removed)...
|a||LCD system status screen - shows IP info and scrolls through system status messages|
|b||Serial (console) port - local connection for initial setup, and for admin account reset (local-only action for security reasons)|
|c||Ventilation-fan filter cover - removable bracket allows cleaning of air filter|
|d||Fan filter cover retaining screw - a captive thumb-screw (no tool needed)|
|e||Mounts for removable front bezel - the decorative/protective front bezel mounts on the appliance front panel. Spring clips behind the bezel engage the mounting posts at the left and right ends of the appliance front panel.|
|f||Rack-mount tabs (removable) - use these on the front, and the sliding tabs toward the rear to support your Luna appliance in a compatible equipment rack|
|g||Securing screw for fan bay - Torx screw secures the fan bay; opening to swap fan modules triggers a tamper event on the appliance|
|h||USB port - use to connect Luna Remote Backup HSM (for backup of your HSM partition contents), Luna G5 HSM, or Luna DOCK 2 (for PKI and for migration of cryptographic material from older backup token HSMs); same as USB port on back panel|
|i||PED port - attach Luna PED 2, Pin Entry Device, reads the hardware (iKey) authentication devices for Trusted Path (FIPS 140 level 3) access control|
Then, the back...
|a||Kensington Security Slot - attach an industry-standard locking cable for additional physical security|
|b||Ethernet ports - for network connection of your Luna appliance|
|c||Decommissioning button - recessed for safety; renders HSM contents unusable|
|d||Power supply release tab - press tab to release the catch, and slide the power supply out|
|e||Removable power supply - one of two redundant power supplies|
|f||2nd removable power supply - the other of two redundant power supplies|
|g||Start/stop switch - use to stop the system if the command-line shutdown is not available; use to restart the system if it has been switched off|
|h||USB ports - use to connect Luna Remote Backup HSM (for backup of your HSM partition contents), Luna G5 HSM, or Luna DOCK 2 (for PKI and for migration of cryptographic material from older backup token HSMs); same as USB port on front panel|
|i, j||Unused ports - these ports are not used for Luna SA; we recommend that you do not remove the covers that were installed at the factory|
At any given time, a FIPS-validated version is available [except for newly introduced products that have not had time to go through the year-long evaluation and validation process ], and a newer not-yet-validated version might also be available. The usual practice is to ship units pre-loaded with the firmware and software at the FIPS-validated level, by default, while providing the option to update the Client software, Appliance software, and Appliance firmware to the newer version. This allows customers who need FIPS validation to have that configuration from the factory, and customers who need newer features (and do not need FIPS validation) to upgrade by simply installing the newer software and following the upgrade procedure.
To check the progress of HSM versions that are submitted for FIPS 140-2 validation visit the NIST site at:
( http://csrc.nist.gov/groups/STM/cmvp/validation.html ).
Similarly, some versions of product are submitted for Common Criteria EAL evaluation.
You can also check SafeNet Sales or SafeNet Customer Support to inquire about certification status of SafeNet HSM products. If FIPS validation or CC EAL certification are not requirements for you, then the newest version is normally the preferred option.
From the Table of Contents to the left of this window, choose one of the book icons for specific help on:
In no particular order, here are some other familiarization pages that might be of use before you begin configuring your Luna SA:
- How to Use This Help
- What Should I Do First?
- Luna SA Do's and Don'ts
- Notes About Using Luna Shell (lunash)
Open topic with navigation