PED Entry Device for Remote Workstation
PED Server Software for Remote Workstation
The PED Server Software must be downloaded and installed on the remote workstation (PED Server). This workstation requires a Luna PED connected via USB. It forwards all PED actions and information to the remote PED Server.
In the PED Server Software subsection, two buttons are displayed to choose from:
Download for Windows
Download for Linux
Select the download depending on the operating system of your remote workstation and follow the instructions.
The software package to be downloaded includes both:
Remote PED and the
Remote Backup Service (RBS).
PED Server for Remote Workstation
The PED server runs on a remote workstation and receives requests from the PED client.
The PED server must have a network connection to the HSM.
This can be one of the following systems:
Host computer with USB-connected Luna Backup HSM, configured for remote backup
Host computer with Luna PCIe HSM 7 installed
Luna Network HSM 7
Host computer with Luna USB HSM 7 connected
PED Server Software Download Process for Windows:
On the Workstation:
Log in to your Next Generation Hardware Appliance.
Open the Security page.
In the section PED Server Software click Download for Windows.
The download starts and stores a .zip file.
In the download directory of your browser extract the .zip file and execute the LunaHSMClient.exe.
Select Luna Device.
In the window that appears, select all the devices in the table.
Click install and close the window.
Right-click to open the terminal as an administrator.
Change the directory to C:\Program Files\SafeNet\LunaClient.
Type PedServer.exe mode start to start the PED server.
Then type PedServer.exe mode show to check whether the PED has a connection to the PED server.
PED Server Software Download Process for Linux:
On the Workstation:
Log in to the Next Generation Hardware Appliance.
Open the Security page.
In the section PED Server Software click Download for Linux.
The download starts and stores a .tar file.
Open a terminal, navigate to the download directory of your browser and extract the .tar file.
Change to the installation directory for Linux:
cd LunaClient_10.7.2-16_Linux/64/
Install the software:
sudo ./install.sh
Navigate to the following path:
cd /usr/safenet/lunaclient/bin/
Start the PED Server with the following command:
sudo ./PedServer -m Start
Connect the PED to the remote workstation.
On the Next Generation Hardware Appliance:
Prerequisite:
A Luna PED with firmware 2.9.0 (or newer), connected to a workstation (via USB cable).
Workstation must be connected to the powered on Next Generation Hardware Appliance.
In webconf, on the Security page, configure the workstation on which the PED server application is running.
Log in to your Next Generation Hardware Appliance.
Open the Security page.
In the section PIN Entry Device (PED) Configuration select PED connected external.
Enter the IP Address of the workstation.
Enter the Port that the server application of the PED is using.
Click Test Remote PED to verify if the PED is reachable at the specified IP address.
Click Save PED Configuration to confirm the settings.
Possible warning: ERROR messages for the remote PED configuration:
Remote PED connection failed: Connection refused.
The host responds, but no process at this port/location.
Remote PED connection failed: TIMEOUT
The host is not responding (no host).
Remote PED connection failed: Invalid Service
The host responds, but it is the wrong process on this port, the PED Server is not running at this location.
The IP address or port entry may have been incorrect.
The remote workstation running the PED Server application must be reconfigured.
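A pre-check for the error cases listed above, as an added example (not part of the vendor documentation or the Luna client): it attempts a plain TCP connection to the workstation and maps the outcome to the webconf message to expect. The script name ped_precheck.py and the function classify_ped_endpoint are hypothetical; the IP address and port are the values entered on the Security page.

```python
import socket
import sys

# Message texts as listed on this page for "Test Remote PED".
REFUSED = "Remote PED connection failed: Connection refused."
TIMEOUT = "Remote PED connection failed: TIMEOUT"
INVALID = "Remote PED connection failed: Invalid Service"

def classify_ped_endpoint(host, port, timeout=3.0):
    """Try a TCP connect to host:port and return (status, hint).

    status is one of "listening", "refused", "timeout", "error".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            # TCP alone cannot tell a PED Server from another service, so
            # webconf may still report INVALID for a port in this state.
            return ("listening",
                    "A process accepts connections; if webconf still shows "
                    f"'{INVALID}', another service owns this port.")
    except ConnectionRefusedError:
        return ("refused",
                f"Expect '{REFUSED}' Host is up, nothing listens here. "
                "Start the PED Server or correct the port.")
    except (socket.timeout, TimeoutError):
        return ("timeout",
                f"Expect '{TIMEOUT}'. No answer: check the IP address, "
                "routing and any firewall between appliance and workstation.")
    except OSError as exc:
        # For example a name resolution failure or "network unreachable".
        return ("error", f"Connection attempt failed: {exc}")

def main(argv):
    if len(argv) != 3:
        print("usage: ped_precheck.py <workstation-ip> <ped-server-port>")
        return 2
    status, hint = classify_ped_endpoint(argv[1], int(argv[2]))
    print(f"{status}: {hint}")
    return 0 if status == "listening" else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a host in the same network segment as the appliance, because a firewall may treat other source addresses differently.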
Remote PED Vector (RPV) Settings
If the appliance is in Secure Transport Mode, it is not possible to initialize the Remote PED Vector. Refer to Secure Transport Mode (STM).
The RPV is a randomly generated, encrypted value. This value is generated to enable authentication between a remote PED via the PED Server and the HSM via the PED Client.
In the Remote PED Vector Settings subsection, click Initialize Remote PED Vector.
Follow the process in the Initialize PED Vector-Summary.
There is a step where a password is displayed in webconf, which must be entered into the PED for verification. In addition, an orange PED Key is required.
Click Finalize to finish the process.
The RPV Status is displayed on the right-hand side of the subsection and should now have changed from Uninitialized to Initialized.
Webconf offers the option to cancel/abort the process at various points during initialization.