Network Trust Links (NTL) are secure, authenticated network connections between the Luna SA and Clients. NTLs use two-way digital certificate authentication and TLS data encryption to protect sensitive data as it is transmitted between HSM Partitions on the Luna SA and Clients.
On the Luna appliance, port 1792 is used.
NTLs consist of three parts:
The Luna SA can support up to 800 simultaneous NTL connections. Setting up each link carries some overhead, so if you are using a large number of links, stagger their start-up to avoid timeouts.
The 800-connection capability is important for client applications that are multi-process based, rather than multi-threaded.
With the assistance of your local network administrator, you should already have prepared the Client system for network connection. (This section is about introducing a Client to the HSM appliance by creating and exchanging certificates, so that the two systems recognize each other; the Client therefore needs all the standard network setup required of any networked computer. Contact your Network Administrator for assistance.) This means:
In order to connect a Client to an HSM Partition on the HSM appliance, you must first create a Network Trust Link (NTL) between them. An NTL consists of:
Network Trust Links use digital certificates to verify the identities of connecting clients. During the initial HSM system configuration (earlier in this chapter), the Administrator generated a unique certificate that identifies the HSM appliance. Similarly, each Client must generate its own certificate that identifies it uniquely (next section). Both the Client and the HSM appliance use these certificates to verify the other’s identity before an NTL is created between them.
To create an NTL, the Client and HSM appliance must first exchange certificates. Once the certificates have been exchanged, the Client registers the Luna SA’s certificate in a trust list, and the Luna SA appliance, in turn, registers the Client’s certificate in its list of clients.
When the certificates have been exchanged and registered at each end, the NTL is ready to use. This is described in upcoming pages of this section.
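The two-way check described above can be modelled in a few dozen lines. The following Go program is an added example, not code from the Luna SA documentation or from the Luna client software: an appliance identity and a client identity each hold a self-signed certificate; the client registers the appliance certificate as its only trust anchor, the appliance registers the client certificate in its client list, and a TLS handshake over loopback succeeds only when both registrations are in place. The host name luna-appliance, the identity names, the ephemeral loopback port (rather than the appliance's 1792) and TLS 1.2 as a minimum version are assumptions of the example; the real Luna tools and certificate files are not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical host name for the appliance; constructed for this example.
const applianceName = "luna-appliance"

// identity is one end of the link: a self-signed certificate plus its key.
// The parsed leaf is what the peer registers (imports) in its trust list.
type identity struct {
	tlsCert tls.Certificate
	leaf    *x509.Certificate
}

// newIdentity generates a fresh P-256 key and self-signed certificate.
// Server identities carry a SAN so the client can verify the host name.
func newIdentity(cn string, serverSide bool) (*identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if serverSide {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{cn}
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &identity{
		tlsCert: tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf},
		leaf:    leaf,
	}, nil
}

// applianceConfig: the appliance presents its own certificate and accepts
// only clients whose certificates were registered in its client list.
func applianceConfig(self *identity, registered ...*identity) *tls.Config {
	pool := x509.NewCertPool()
	for _, c := range registered {
		pool.AddCert(c.leaf)
	}
	return &tls.Config{
		Certificates: []tls.Certificate{self.tlsCert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	}
}

// clientConfig: the client presents its own certificate and trusts only the
// appliance certificate it imported earlier.
func clientConfig(self, appliance *identity) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(appliance.leaf)
	return &tls.Config{
		Certificates: []tls.Certificate{self.tlsCert},
		RootCAs:      pool,
		ServerName:   applianceName,
		MinVersion:   tls.VersionTLS12,
	}
}

// openLink runs one mutually authenticated handshake over loopback, echoes a
// byte to prove the link carries data, and returns the appliance CN the
// client verified. The appliance-side result is checked as well because under
// TLS 1.3 a rejected client certificate is detected by the server first and
// only reaches the client on its next read.
func openLink(srvCfg, cliCfg *tls.Config) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()

	srvErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer raw.Close()
		raw.SetDeadline(time.Now().Add(5 * time.Second))
		conn := tls.Server(raw, srvCfg)
		if err := conn.Handshake(); err != nil {
			srvErr <- err
			return
		}
		buf := make([]byte, 1)
		if _, err := conn.Read(buf); err != nil {
			srvErr <- err
			return
		}
		_, err = conn.Write(buf)
		srvErr <- err
	}()

	dialer := &net.Dialer{Timeout: 5 * time.Second}
	conn, err := tls.DialWithDialer(dialer, "tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return "", fmt.Errorf("client handshake: %w", err)
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	buf := []byte{0x2a}
	if _, err := conn.Write(buf); err != nil {
		return "", fmt.Errorf("client write: %w", err)
	}
	if _, err := conn.Read(buf); err != nil {
		return "", fmt.Errorf("client read: %w", err)
	}
	if err := <-srvErr; err != nil {
		return "", fmt.Errorf("appliance side: %w", err)
	}
	return conn.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

// demo exercises a registered client and a client whose certificate the
// appliance never registered; only the first link is expected to open.
func demo() (okCN string, rogueErr error, err error) {
	appliance, err := newIdentity(applianceName, true)
	if err != nil {
		return "", nil, err
	}
	client, err := newIdentity("registered-client", false)
	if err != nil {
		return "", nil, err
	}
	rogue, err := newIdentity("unregistered-client", false)
	if err != nil {
		return "", nil, err
	}
	srvCfg := applianceConfig(appliance, client)
	okCN, err = openLink(srvCfg, clientConfig(client, appliance))
	if err != nil {
		return "", nil, err
	}
	_, rogueErr = openLink(srvCfg, clientConfig(rogue, appliance))
	return okCN, rogueErr, nil
}

func main() {
	cn, rogueErr, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("registered client reached appliance:", cn)
	fmt.Println("unregistered client rejected:", rogueErr)
}
```

The point to take from the second scenario is that trusting the appliance is not enough: the unregistered client imported the appliance certificate and so would accept the appliance, but the appliance has no record of the client's certificate, and the handshake is refused on the appliance side. Both registrations must exist before the link is usable.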
The client software was installed for your operating system during the general installation (refer to the Luna SA QuickStart Guide).
You will perform the actions in this section:
Import a Server Cert
Go to the next page, Import HSM Server Cert onto Client. Choose the version of the page (click the appropriate link below) for your client computer's operating system:
"Import HSM Appliance Server Certificate onto Client (UNIX)"
"Import HSM Appliance Server Certificate onto Client (Windows)"