Table of contents    
#1 Which services are offered by Keyon?
#2 Does Keyon offer IBASEC specific integration services?
#3 How can I determine the IP address of an HSM?
#4 There are two network interfaces. Which one is configured for IBASEC?
#5 How can I determine the assignment of a PED key to a specific HSM?
#6 Are the PED keys PIN protected?
#7 Can't start IBASEC applications on Luna SP HSM - C_Initialize returns 0x30
#8 Java HotSpot Client VM warning: Can't detect initial thread stack location
#9 How to handle damaged HW components without Premium Support?
#10 Important manual update: Connect a new HSM with "Premium Rollout"
#11 How to change the IP address?
#12 How can I easily check if the IBASEC applications are running correctly?
#13 IBASEC / SWIFT interoperability with the PIN Entry Device (PED)
#14 Luna SP Front-panel display explained - System state
#15 Luna SP Front-panel display explained - Flashing backlight
#16 Download all Luna SP logfiles without using the IBASEC Server
 
 
#1 Which services are offered by Keyon?  
All the services in connection with the IBASEC Premium Rollout and IBASEC Premium Support are described in this document. [En] [De]  
 
#2 Does Keyon offer IBASEC specific integration services?  

It is assumed that most financial institutions already work with a system integrator providing IBASEC-specific integration and configuration services.

However, Keyon offers support for installation, configuration and operation of the hardware components, charged on a time-and-material basis. Please ask for a specific offer.
 
 
#3 How can I determine the IP address of an HSM?  
1. The IP address is shown on the display on the front of your HSM. Depending on the number of digits in your IP address, the display shows the following information for network adapter 0 (eth0):

E0-10.20.30.40

0-192.168.200.23

2. As of April 17th, 2007, the IP address is also stated on your PIN letter. [Example].
 
 
#4 There are two network interfaces. Which one is configured for IBASEC?  

Only the Ethernet network adapter eth0 (labeled 1) is configured according to your information in the order form.

The Ethernet network adapter eth1 (labeled 2) is not initialized but may be used for administration purposes. Please ask your service provider for further information or ask for our IBASEC specific Services.

 
 
#5 How can I determine the assignment of a PED key to a specific HSM?  
For each Luna SP HSM a set of 2 * blue (Security Officer), 2 * red (Domain) and 2 * black (Partition owner) labeled iKeys are delivered. All iKeys of a specific color are identical and may be used with any HSM.  
 
#6 Are the PED keys PIN protected?  

PED keys have no PIN. Just press the <Enter> button on the PED if you are asked to enter a PIN.

Please ask your service provider if you want to protect your PED key with a PIN. You may ask for our IBASEC specific Services.

 
#7 Can't start IBASEC applications on Luna SP HSM - C_Initialize returns 0x30  

Several problems can occur in conjunction with the following error:

C_Initialize returns 0x30 [see example]

This problem occurs if the Luna SP appliance is out of sync. To fix it, log in via secure shell (SSH) and run the following commands [as textfile]:

spadmin halt all
spconfig lunaSP hsm
spconfig lunaSP network
spconfig partition cachePassword <PIN from PIN Letter>
spadmin start webService

The IBASEC Premium Rollout settings remain. See also #12.

 
#8 Java HotSpot Client VM warning: Can't detect initial thread stack location  

You always get the following warning when you execute a Luna SP command in the secure shell (SSH):

Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location [see example]

This warning occurs since the Java Virtual Machine runs in a jailed environment. You can simply ignore it.

 
#9 How to handle damaged HW components without Premium Support?  

There are two possibilities for handling a damaged Luna SP HSM, PED or Backup Token device without Premium Support.

1. You can make use of the Incident-Based IBASEC Premium Support as described in the Premium Rollout and Support.

In this case Keyon handles the whole RMA (exchange) process including customs clearance, administration, transport insurance, etc.

Note: The Incident-Based IBASEC Premium Support requires SafeNet EXTENDED Support. If EXTENDED Support is not applicable, additional charges apply.

2. You can do the RMA (exchange) process yourself.

In this case you have to contact the SafeNet support team via support@safenet-inc.com and explain the problem. The support team will contact you and provide suggestions that may solve the problem. If nothing helps, support will confirm that SafeNet has to do an RMA and will send you an RMA form to fill in. After the form is returned, customer service will be contacted and will check the maintenance level with the maintenance department.

Please contact support@safenet-inc.com for further information.

 
#10 Important manual update: Connect a new HSM with "Premium Rollout"  

IMPORTANT: new procedure for the initial setting of the Admin and the Partition Password according to this PIN letter (Premium Rollout):

Please note that the Use Case 11 (Connect a new HSM with "Premium Rollout") differs from the last User Manual version 2.3 published on March 26, 2007. The updated Use Case is now available in the most recent User Manual version 2.4 from April 30, 2007. It can be downloaded here.

 
#11 How to change the IP address?  

Log in via the serial console (not via secure shell (SSH)) and run the following commands [as textfile]:

spadmin halt all
network interface device eth0 ip <IP HSM> gateway <IP Gateway> netmask <IP Netmask> force
service restart syslog force
service restart network force
sysconf regenCert force
service restart ntls force
spconfig lunaSP hsm
spconfig lunaSP network
spconfig partition cachePassword <PIN from PIN Letter>
spadmin start webService

The IBASEC Premium Rollout settings remain. See also #12.
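
A pre-flight check for the procedure above, as an added example that is not part of the original FAQ or of any Keyon or SafeNet tooling. Because the change is applied with `force`, the hypothetical helpers `check_addressing` and `render_runbook` verify that the address, gateway and netmask are consistent before rendering the command list. The PIN stays a placeholder, and the gateway and netmask in the test values are constructed.

```python
import ipaddress

# Command sequence from FAQ #11 in the page's order, with the wrapped
# "network interface" command on one line. The PIN stays a placeholder so
# the rendered runbook never contains the secret from the PIN letter.
TEMPLATE = [
    "spadmin halt all",
    "network interface device eth0 ip {ip} gateway {gw} netmask {mask} force",
    "service restart syslog force",
    "service restart network force",
    "sysconf regenCert force",
    "service restart ntls force",
    "spconfig lunaSP hsm",
    "spconfig lunaSP network",
    "spconfig partition cachePassword <PIN from PIN Letter>",
    "spadmin start webService",
]


def check_addressing(ip, gateway, netmask):
    """Return a list of problems; an empty list means the values are consistent."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:  # malformed address or non-contiguous netmask
        return [f"invalid value: {exc}"]
    net = iface.network
    reserved = (net.network_address, net.broadcast_address)
    problems = []
    if net.prefixlen < 31 and iface.ip in reserved:
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"gateway {gateway} is outside {net}")
    elif gw == iface.ip:
        problems.append("gateway equals the HSM address")
    elif net.prefixlen < 31 and gw in reserved:
        problems.append(f"gateway {gateway} is the network or broadcast address")
    return problems


def render_runbook(ip, gateway, netmask):
    """Render the FAQ #11 commands, refusing inconsistent addressing."""
    problems = check_addressing(ip, gateway, netmask)
    if problems:
        raise ValueError("; ".join(problems))
    return [line.format(ip=ip, gw=gateway, mask=netmask) for line in TEMPLATE]
```
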

 
#12 How can I easily check if the IBASEC applications are running correctly?  

Log in via the serial console or via secure shell (SSH) and run the following command:

sp getversion

The result looks like this.

 
#13 IBASEC / SWIFT interoperability with the PIN Entry Device (PED)  

The PIN Entry Device (PED) used at IBASEC (Luna SP) is the same as used at SWIFT (Luna IS). It is not bound to a specific Luna HSM and can be used by either system.

Note: The IBASEC Hardware is provided under special contract conditions. The use of any hardware parts such as the PIN Entry Device (PED) for non IBASEC purpose may violate the contract.

 
#14 Luna SP Front-panel display explained - System state  

The Luna SA front-panel LCD provides system status summary information, which is explained in this PDF document (Extract from Luna SP 2.0 Product Documentation, Copyright 2006 SafeNet, Inc.).

The status summary can either be read off the display or obtained by entering the following command in the console (ssh or serial):

status sysstat show

The result looks like this.

 
#15 Luna SP Front-panel display explained - Flashing backlight  

A flashing backlight on the Luna SA front-panel may indicate a problem. Please check the system state (#14) and run the following commands (ssh or serial).

hsm information reset
hsm information show

The result looks like this. Please contact your service provider if the problem remains.

 
#16 Download all Luna SP logfiles without using the IBASEC Server  

Normally all the Luna SP specific log files can be downloaded using the functionality of the IBASEC server. But there may be circumstances where the log files have to be downloaded manually.

Follow this guideline if you have to download the log files manually.