To enable support for Thales Luna Network HSM, upload the downloaded Thales Luna client software bundle to the NSX Advanced Load Balancer Controller. The bundle must be named “safenet.tar” and can be prepared as follows:

  • Copy files from the downloaded software into any given directory (for instance, safenet_pkg).

  • Change directory (cd) to that directory, and enter the cp commands as follows:

Note: This example uses HSM version 7.3.3.

cp 610-012382-008_revC/linux/64/configurator-5.4.1-2.x86_64.rpm configurator-5.4.1-2.x86_64.rpm
cp LunaClient_7.3.0-165_Linux/64/configurator-7.3.0-165.x86_64.rpm configurator-7.3.0-165.x86_64.rpm
cp LunaClient_7.3.0-165_Linux/64/libcryptoki-7.3.0-165.x86_64.rpm libcryptoki-7.3.0-165.x86_64.rpm
cp LunaClient_7.3.0-165_Linux/64/vtl-7.3.0-165.x86_64.rpm vtl-7.3.0-165.x86_64.rpm
cp LunaClient_7.3.0-165_Linux/64/lunacmu-7.3.0-165.x86_64.rpm lunacmu-7.3.0-165.x86_64.rpm
cp LunaClient_7.3.0-165_Linux/64/cklog-7.3.0-165.x86_64.rpm cklog-7.3.0-165.x86_64.rpm
cp LunaClient_7.3.0-165_Linux/64/multitoken-7.3.0-165.x86_64.rpm multitoken-7.3.0-165.x86_64.rpm
cp LunaClient_7.3.0-165_Linux/64/ckdemo-7.3.0-165.x86_64.rpm ckdemo-7.3.0-165.x86_64.rpm
cp LunaClient_7.3.0-165_Linux/64/lunacm-7.3.0-165.x86_64.rpm lunacm-7.3.0-165.x86_64.rpm
tar -cvf safenet.tar configurator-7.3.0-165.x86_64.rpm libcryptoki-7.3.0-165.x86_64.rpm vtl-7.3.0-165.x86_64.rpm lunacmu-7.3.0-165.x86_64.rpm cklog-7.3.0-165.x86_64.rpm multitoken-7.3.0-165.x86_64.rpm ckdemo-7.3.0-165.x86_64.rpm lunacm-7.3.0-165.x86_64.rpm

  • The HSM package can be uploaded in the web interface at Administration > Settings > Upload HSM Packages.

  • HSM package upload is also supported through the CLI. You can use the following command in the NSX Advanced Load Balancer Controller CLI shell to upload the HSM package:

upload hsmpackage filename /tmp/safenet_pkg/safenet.tar

This command uploads the packages and installs them on the NSX Advanced Load Balancer Controller, or on every Controller node if clustered. If the Controller is deployed as a 3-node cluster, the command installs the packages on all 3 nodes. When the command completes, the system displays the “HSM Package uploaded successfully” message.

  • NSX Advanced Load Balancer Controller Service Engines in an SE group referring to an HSM group need a one-time reboot for auto-installation of the HSM packages. To reboot an NSX Advanced Load Balancer Controller SE, issue the following CLI shell command:

reboot serviceengine Avi-se-ksueq

  • To allow the NSX Advanced Load Balancer Controller to communicate with the Thales Luna HSM, the Thales Luna client software bundle distributed with the product must be uploaded to the NSX Advanced Load Balancer Controller. The software bundle preparation and upload are described above. In this example, the NSX Advanced Load Balancer Controller SE name is “Avi-se-ksueq”.
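Because the uploaded archive is installed on every Controller node and then on the Service Engines, it is worth checking what safenet.tar contains before the upload step. The script below is an added example, not part of the vendor procedure. It assumes the bundle should hold exactly the eight RPMs named in the tar command above, as flat file names at a single version-release; the function name verify_hsm_bundle is hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): pre-upload check for safenet.tar.
# Assumption: the bundle holds exactly the eight client RPMs named in the tar
# command above, stored as flat file names, all at one version-release.
EXPECTED_PKGS="configurator libcryptoki vtl lunacmu cklog multitoken ckdemo lunacm"

fail() { echo "FAIL: $*" >&2; return 1; }

verify_hsm_bundle() {
    bundle=$1; seen=""; first_ver=""
    [ "$(basename "$bundle")" = "safenet.tar" ] || { fail "file must be named safenet.tar"; return 1; }
    members=$(tar -tf "$bundle" 2>/dev/null) || { fail "not a readable tar archive"; return 1; }
    while IFS= read -r m; do
        case $m in
            */*|*[[:space:]]*) fail "member '$m' has a path or whitespace"; return 1 ;;
            *.x86_64.rpm) ;;
            *) fail "unexpected member '$m'"; return 1 ;;
        esac
        stem=${m%.x86_64.rpm}                  # vtl-7.3.0-165
        rel=${stem##*-}; rest=${stem%-*}       # 165, vtl-7.3.0
        ver=${rest##*-}; name=${rest%-*}       # 7.3.0, vtl
        case " $EXPECTED_PKGS " in
            *" $name "*) ;;
            *) fail "package '$name' is not part of the client bundle"; return 1 ;;
        esac
        case " $seen " in
            *" $name "*) fail "package '$name' appears more than once"; return 1 ;;
        esac
        seen="$seen $name"
        [ -n "$first_ver" ] || first_ver="$ver-$rel"
        [ "$first_ver" = "$ver-$rel" ] || { fail "$m does not match version $first_ver"; return 1; }
    done <<EOF
$members
EOF
    for p in $EXPECTED_PKGS; do
        case " $seen " in
            *" $p "*) ;;
            *) fail "missing package '$p'"; return 1 ;;
        esac
    done
    echo "OK: all packages present at version $first_ver"
}

# Run against a path when one is given, e.g. ./check.sh /tmp/safenet_pkg/safenet.tar
if [ "$#" -gt 0 ]; then verify_hsm_bundle "$1"; fi
```

The check rejects an archive that also picked up the 5.4.1 configurator RPM copied in the first cp command, since that file is not part of the tar command shown above.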