This section explains the procedure to install the Thales Luna software bundle onto the NSX Advanced Load Balancer Controller.

To enable support for Thales Luna Network HSM, the downloaded Thales Luna client software bundle must be uploaded to the NSX Advanced Load Balancer Controller. It must be named safenet.tar and can be prepared as follows:

  • Copy files from the downloaded software into any given directory, for instance, safenet_pkg.

  • Change directory (cd) to that directory, and enter the cp commands as follows:

    • Extract the tar file using tar -xzf 610-000397-003_SW_Linux_Luna_Client_V7.3.0_RevA.tar.

      Note:

      This example uses HSM version 7.3.3.

      cp LunaClient_7.3.0-165_Linux/64/configurator-7.3.0-165.x86_64.rpm configurator-7.3.0-165.x86_64.rpm
      cp LunaClient_7.3.0-165_Linux/64/libcryptoki-7.3.0-165.x86_64.rpm libcryptoki-7.3.0-165.x86_64.rpm
      cp LunaClient_7.3.0-165_Linux/64/vtl-7.3.0-165.x86_64.rpm vtl-7.3.0-165.x86_64.rpm
      cp LunaClient_7.3.0-165_Linux/64/lunacmu-7.3.0-165.x86_64.rpm lunacmu-7.3.0-165.x86_64.rpm
      cp LunaClient_7.3.0-165_Linux/64/cklog-7.3.0-165.x86_64.rpm cklog-7.3.0-165.x86_64.rpm
      cp LunaClient_7.3.0-165_Linux/64/multitoken-7.3.0-165.x86_64.rpm multitoken-7.3.0-165.x86_64.rpm
      cp LunaClient_7.3.0-165_Linux/64/ckdemo-7.3.0-165.x86_64.rpm ckdemo-7.3.0-165.x86_64.rpm
      cp LunaClient_7.3.0-165_Linux/64/lunacm-7.3.0-165.x86_64.rpm lunacm-7.3.0-165.x86_64.rpm
      tar -cvf safenet.tar configurator-7.3.0-165.x86_64.rpm libcryptoki-7.3.0-165.x86_64.rpm vtl-7.3.0-165.x86_64.rpm lunacmu-7.3.0-165.x86_64.rpm cklog-7.3.0-165.x86_64.rpm multitoken-7.3.0-165.x86_64.rpm ckdemo-7.3.0-165.x86_64.rpm lunacm-7.3.0-165.x86_64.rpm
  • The HSM package can be uploaded in the web interface at Administration > Settings > Upload HSM Packages.

  • HSM package upload is also supported through the CLI. You can use the following command in the NSX Advanced Load Balancer Controller CLI shell to upload the HSM package:

    upload hsmpackage filename /tmp/safenet_pkg/safenet.tar

This command uploads the packages and installs them on the NSX Advanced Load Balancer Controller, or on the Controllers if clustered. If the Controller is deployed as a three-node cluster, the command installs the packages on all three nodes. Upon completion of the above command, the system displays the message "HSM Package uploaded successfully".

  • NSX Advanced Load Balancer Service Engines in an SE group referring to an HSM group need a one-time reboot for auto-installation of the HSM packages. To reboot NSX Advanced Load Balancer SE, issue the following CLI shell command:

    reboot serviceengine Avi-se-ksueq
  • To allow NSX Advanced Load Balancer Controllers to talk to Thales Luna HSM, the Thales Luna client software bundle distributed with the product must be uploaded to NSX Advanced Load Balancer. The software bundle preparation and upload are described above. In this example, note that the NSX Advanced Load Balancer SE name is Avi-se-ksueq.
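
The bundle preparation steps above can be scripted so that an incomplete or wrongly laid out safenet.tar is caught before upload. The following is an added example, not part of the vendor procedure or the product's own tooling; the function names and the SRC_DIR/OUT_DIR parameters are hypothetical, and the version string and package names are the ones used in the cp commands above.

```shell
#!/bin/sh
# Added example (not vendor code): build and check safenet.tar.
# Version and package names are taken from the cp commands on this page.
LUNA_VER="7.3.0-165"
LUNA_PKGS="configurator libcryptoki vtl lunacmu cklog multitoken ckdemo lunacm"

# Print the eight RPM file names the bundle is expected to hold, one per line.
expected_rpms() {
    for pkg in $LUNA_PKGS; do echo "${pkg}-${LUNA_VER}.x86_64.rpm"; done
}

# verify_safenet_tar FILE: succeed only if FILE is named safenet.tar and lists
# exactly the expected RPMs with no directory prefix on any member.
verify_safenet_tar() {
    [ "$(basename "$1")" = "safenet.tar" ] || { echo "bundle must be named safenet.tar" >&2; return 1; }
    expected=$(expected_rpms | sort)
    actual=$(tar -tf "$1" 2>/dev/null | sort)
    [ "$expected" = "$actual" ] || { echo "unexpected member list in $1" >&2; return 1; }
}

# build_safenet_tar SRC_DIR OUT_DIR (both hypothetical parameter names)
#   SRC_DIR holds the extracted RPMs, e.g. LunaClient_7.3.0-165_Linux/64
#   OUT_DIR is the staging directory, e.g. safenet_pkg
build_safenet_tar() {
    src="$1"; out="$2"
    [ -d "$src" ] || { echo "source directory not found: $src" >&2; return 1; }
    mkdir -p "$out" || return 1
    # Refuse to build a partial bundle: every RPM must exist and be non-empty.
    for rpm in $(expected_rpms); do
        [ -s "$src/$rpm" ] || { echo "missing or empty: $src/$rpm" >&2; return 1; }
    done
    for rpm in $(expected_rpms); do
        cp "$src/$rpm" "$out/$rpm" || return 1
    done
    # Archive from inside OUT_DIR so members are bare file names, as in the
    # tar -cvf command above; the name list is unquoted on purpose.
    ( cd "$out" && tar -cf safenet.tar $(expected_rpms) ) || return 1
    verify_safenet_tar "$out/safenet.tar"
}

# Usage: sh build_safenet.sh LunaClient_7.3.0-165_Linux/64 safenet_pkg
if [ "$#" -eq 2 ]; then
    build_safenet_tar "$1" "$2"
fi
```

verify_safenet_tar can also be run on its own against a safenet.tar that was built by hand with the commands above.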