Applies To:
BIG-IP AAM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP APM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP GTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP LTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP AFM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP ASM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Overview: Manually setting up the SafeNet Luna SA HSM with BIG-IP systems
The SafeNet Luna SA HSM is an external hardware security module that is available for use with BIG-IP® systems. Because it is network-based, you can use the SafeNet solution with all BIG-IP platforms, including VIPRION® Series chassis and appliances and BIG-IP Virtual Edition (VE). You can also configure multiple HSMs as an HA (high availability) group to use with BIG-IP systems. Typically, you would use the installation script to set up the SafeNet Luna SA HSM. However, in cases where the installation script does not support your network configuration, you can install one or more HSMs manually. For a VIPRION Series chassis, this procedure would require manual setup on the additional blades.
Only RSA-based cipher suites use the network HSM. After installation on the BIG-IP system, the SafeNet Luna SA HSM is compatible with Access Policy Manager® and Application Security Manager™, without additional configuration steps.
For information about using the iControl® interface to configure the Luna SA HSM with BIG-IP systems, consult the F5 DevCentral site (https://devcentral.f5.com/icontrol/).
For additional information about using the Luna SA HSM, contact SafeNet Technical Support (http://www.safenet-inc.com/technical-support/).
Prerequisites for setting up SafeNet Luna SA HSM with BIG-IP systems
Before you can use SafeNet Luna SA HSM with the BIG-IP® system, you must make sure that:
- The SafeNet device is installed on your network.
- The SafeNet device and the BIG-IP system can communicate with each other.
- The SafeNet device has a virtual HSM (HSM Partition) defined before you install the client software on the BIG-IP system.
- The BIG-IP system is licensed for external interface and network HSM.
Additionally, before you begin the installation process, make sure that you have access to:
- The Luna SA Client software (Version 5.1 or 5.2). For VIPRION® system support or configuring multiple HSMs as an HA group, you must use Version 5.2.
- The Luna SA Customer Documentation
Task summary
The implementation process for a manual installation involves preparation of the SafeNet device and the BIG-IP® system, followed by key/certificate management and creation of a client SSL profile to use the key and certificate. If you are setting up multiple HSMs configured as an HA group, you repeat a subset of the manual installation steps for each additional HSM, and then create an HA group. You can generate SafeNet HSM protected keys and corresponding CSR and certificate using either tmsh (recommended) or the fipskey.nethsm utility.
Task list
Preparing to manually install the Luna SA client on the BIG-IP system
Before you can set up the SafeNet Luna SA client software on a BIG-IP® system, you must obtain a valid SafeNet Luna SA client license.