Introduction

The SafeNet Luna SA is an Ethernet-attached HSM (Hardware Security Module) Server designed to protect critical cryptographic keys and to accelerate sensitive cryptographic operations across a wide range of security applications. The Luna SA includes many features that increase security, connectivity, and ease-of-administration in dedicated and shared security applications.

The Luna SA comes in one of two model families, according to the level of authentication and access control. Your Luna SA was factory configured to operate as either:

The standard appliance is the 1U-high, rackmount, RoHS-compliant (Reduction of Hazardous Substances) device, which replaces the Luna SA 4.x device.


Here are some of the important physical features of the Luna SA appliance.

First, the front (this illustration shows the appliance with its decorative bezel removed)...

Item Description
a LCD system status screen - shows IP info and scrolls through system status messages
b Serial (console) port - local connection for initial setup, and for admin account reset (local-only action for security reasons)
c Ventilation-fan filter cover - removable bracket allows cleaning of air filter
d Fan filter cover retaining screw - a captive thumb-screw (no tool needed)
e Mounts for removable front bezel - the decorative/protective front bezel mounts on the appliance front panel. Spring clips behind the bezel engage the mounting posts at the left and right ends of the appliance front panel.
f Rack-mount tabs (removable) - use these on the front, and the sliding tabs toward the rear to support your Luna appliance in a compatible equipment rack
g Securing screw for fan bay - Torx screw secures the fan bay; opening to swap fan modules triggers a tamper event on the appliance
h USB port - use to connect Luna Remote Backup HSM (for backup of your HSM partition contents), Luna G5 HSM, or Luna DOCK 2 (for PKI and for migration of cryptographic material from older backup token HSMs); same as USB port on back panel
i PED port - attach Luna PED 2, Pin Entry Device, reads the hardware (iKey) authentication devices for Trusted Path (FIPS 140 level 3) access control

 

Then, the back...

Item Description
a Kensington Security Slot - attach an industry-standard locking cable for additional physical security
b Ethernet ports - for network connection of your Luna appliance
c Decommissioning button - recessed for safety; renders HSM contents unusable
d Power supply release tab - press tab to release the catch, and slide the power supply out
e Removable power supply - one of two redundant power supplies
f 2nd removable power supply - the other of two redundant power supplies
g Start/stop switch - use to stop the system if the command-line shutdown is not available; use to restart the system if it has been switched off
h USB ports - use to connect Luna Remote Backup HSM (for backup of your HSM partition contents), Luna G5 HSM, or Luna DOCK 2 (for PKI and for migration of cryptographic material from older backup token HSMs); same as USB port on front panel
i, j Unused ports - these ports are not used for Luna SA; we recommend that you do not remove the covers that were installed at the factory  

 

At any given time, a FIPS-validated version is available, and a newer not-yet-validated version might also be available. The usual practice is to ship units pre-loaded with the firmware and software at the FIPS-validated level, by default, while providing the option to update the Client software, Appliance software, and Appliance firmware to the newer version. This allows customers who need FIPS validation to have that configuration from the factory, and customers who need newer features (and do not need FIPS validation) to upgrade by simply installing the newer software and following the upgrade procedure.

To check the progress of HSM versions that are submitted for FIPS 140-2 validation, visit the NIST site at http://csrc.nist.gov/groups/STM/cmvp/validation.html.

Similarly, some versions of the product are submitted for Common Criteria EAL evaluation.

You can also contact SafeNet Sales or SafeNet Customer Support to inquire about the certification status of SafeNet HSM products. If neither FIPS validation nor CC EAL certification is a requirement for you, then the newest version is normally the preferred option.

From the Table of Contents to the left of this window, choose one of the book icons for specific help on:

Configuration

  • preparing your installed Luna SA to integrate with your network and to function with your Client applications

Administration

  • creating and assigning Partitions (virtual HSMs),
  • creating/modifying Users,
  • maintaining the HSM and the network configuration,
  • creating and maintaining HA groups and load balancing,
  • administering SIM ("Multi-million keys"),
  • etc.

Integration

  • special instructions to integrate your Luna SA for optimum use with popular and industry-standard applications

Reference

  • command syntax and descriptions,
  • error codes,
  • time zone codes

Concepts

  • Luna SA features, and related security and cryptographic concepts, as they apply to an HSM Server appliance (that is, general-understanding information, as opposed to instructions or reference material, which you can find in the other major sections of this Help)

 

In no particular order, here are some other familiarization pages that might be of use before you begin configuring your Luna SA:

- How to Use This Help

- What Should I Do First?

- Luna SA Do's and Don'ts

- Notes About Using Luna Shell (lunash)