So I just finished up a day of HSM (Hardware Security Module) training using the SafeNET HSMs (Luna) delivered by Bob Woodard, and Skip Norton. All I can say is wow! These HSMs are very cool. The initial setup takes a little bit of time (well for someone who has never done it anyways), but all you really need to do is follow the setup doc step-by-step, and your good to go. Once they are setup, my initial assesment is that they are extremely easy to use.
The coolest part is that all of the keys are stored on the device, so there isn't any bulky key exporting steps that need to happen when you join machines to your RMS cluster. It's FIPS certified, extremely secure, and well, just a cool new toy to play with.
I didn't previously have alot of hands-on experience with HSMs, so I'm really looking forward to digging into this thing and seeing what is fully capable of.
I'm actually going to start playing with WS08 RMS v2, and this device to see how they all work and play together.
I'll post more about my SafeNET HSM experience soon.
This is the device we have in our lab (the skinny model).
Hi Jason, i was wondering if you've tested Luna SA with RMS 2008 server. Is choosing the CSP the only place that it integrates with the HSM? Also have you used CSP or KSP? thanks, Ameneh
Your post is some days here now. Did you find the chance to play a little more with them?
I am currently working on a project that wants to use thos HSMs in conjunction with RMS TPD trust.
Since the principle idea with TPD is to make the private keys of all RMS servers available to the others, we started with a setup where two RMS servers from two different forests share the same HSM partition on the Luna. It looks ok in terms of all RMS seeing all keys and the RMS servers work fine als long they work independent. At the moment I configure TPD both RMS do not even find their own keys anymore. "private key mismatch error message"
I am really curious if you tried TPD with an HSM before.
Thanks for a reply in advance....Martin