After adding a new Thales Luna Hardware Security Module (HSM) to Thales Crypto Command Center, it must be authorized. This video tutorial covers the step-by-step authorization of a PED-authenticated Luna HSM.
In the video titled "Thales Crypto Command Center Training - Authorize a PED Authenticated Luna HSM Device," the presenter provides a comprehensive tutorial on how to authorize a Luna 7 PED (Portable Electronic Device) within the Thales Crypto Command Center (CCC). This process involves connecting an external component, the remote PED server, and an OPET (Operator Portable Electronic Terminal) device.
The presenter explains that the authorization process is this involved because there is no direct physical access to the Luna HSM (Hardware Security Module) device. The CCC serves as a centralized command center console for remote management and monitoring, so Luna devices have to be authorized from a remote location.
To begin the authorization process, the presenter showcases the setup of an RDP (Remote Desktop Protocol) session on a Windows 10 workstation. This workstation is equipped with a USB-connected head device in remote PED mode, which facilitates communication with the Luna HSM. Additionally, a VPN connection is configured between the Luna device's data center and the workstation, ensuring secure communication. The presenter highlights the importance of noting the PED server's IP address and port number.
In the CCC interface, the authorization process is initiated by clicking on the "Authorize" button. Users are prompted to input the PED server's IP address and port. Once these details are entered, the authorization process commences, and the CCC establishes a connection with the Luna HSM.
During the authorization process, the video explains that a remote tunnel needs to be set up, similar to other HSM-initiated connections. The presenter demonstrates that the PED device will prompt the user to input an orange key and an associated PIN to establish this tunnel securely. This ensures that the Luna HSM and the CCC can communicate effectively.
After successfully setting up the remote tunnel, the final step in the authorization process requires the user to input a blue key, often referred to as the Security Officer key, on the PED device. This key is crucial for enhancing security and ensuring that only authorized personnel can complete the authorization process.
Once the blue key is input correctly, the video concludes that the Luna device is successfully authorized for use within the CCC. A confirmation message is displayed, indicating that the device is now ready for creating services, monitoring, and management through the CCC.
In summary, the video provides a detailed guide on authorizing a Luna 7 PED within the Thales Crypto Command Center. This involves setting up an external remote PED server, configuring a remote desktop session with a USB-connected head device, and securely inputting keys to establish communication between the CCC and the Luna HSM. The tutorial highlights the importance of security measures and emphasizes that authorization enables users to utilize the CCC for creating partitions and services, as well as monitoring and managing Luna HSM devices remotely. This instructional video serves as a valuable resource for individuals looking to navigate the intricacies of Luna HSM device authorization within the Thales Crypto Command Center.