Applies To:
Show VersionsBIG-IP AAM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP APM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP GTM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP LTM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP AFM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP ASM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Implementing the SafeNet Luna HSM with BIG-IP Systems
Overview: Implementing the SafeNet Luna SA HSM with BIG-IP Systems
The SafeNet Luna SA HSM is an external HSM that is available for use with BIG-IP® systems. Because it is network-based, you can use the SafeNet solution with all BIG-IP appliances and BIG-IP Virtual Edition (VE). For interoperability information, refer to the Interoperability Matrix for BIG-IP TMOS with SafeNet Clients and HSM on the AskF5™ web site located at support.f5.com.
For additional information about using the Luna SA HSM, contact SafeNet Technical Support (http://www.safenet-inc.com/technical-support/).
Task summary
The implementation process involves preparation of the SafeNet device and the BIG-IP® system, followed by key/certificate management and creation of a client SSL profile to use the key and certificate.
Task list
Prerequisites for implementing BIG-IP and SafeNet Luna SA HSM
Before you can use SafeNet Luna SA HSM with the BIG-IP® system, you must make sure that:
- The SafeNet device is installed on your network.
- The SafeNet device and the BIG-IP system can initiate connections with each other.
- The SafeNet device should have a virtual HSM (HSM Partition) defined before you install the client software on the BIG-IP system.
- The BIG-IP system is licensed for external interface and network HSM.
- The BIG-IP system has FIPS 140-2 or FIPS 140-3 compliant ciphers, depending upon your security needs. For information about FIPS compliant ciphers, see Annex A: Approved Security Functions for FIPS PUB 140-2 (http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf) and SOL8802 for a complete list of supported ciphers at http://support.f5.com.
Additionally, before you begin the installation process, make sure that you have access to:
- The Luna SA Client software (Version 5.1)
- The Luna SA Customer Documentation
Preparing to install the Luna SA client on the BIG-IP system
Before you can set up the SafeNet Luna SA client software on a BIG-IP® system, you must obtain the software tarball from F5® and copy it to the BIG-IP system using secure copy (SCP).