Administration
The HSM provides administration and maintenance services not directly related to encryption and user management services. These services are: backing up and restoring the database, monitoring usage statistics (sessions, CPU, memory), monitoring events in real time, updating firmware and extracting log records. To perform these operations, HSM users must have special permissions, called system permissions.
The system permissions are:
- Create and remove users;
- List users;
- Access to logs;
- Creating and restoring backups;
- Firmware update.
HSM distinguishes between two types of user: the ordinary user, or simply user, and the operator or administrator user. The operator user always has all the system permissions, while the ordinary user will have permissions at the discretion of the HSM operator who created him.
The user's actions within the session are recorded in a log file in the HSM. This log file can be retrieved or reset at any time by a user with the appropriate permissions.
The HSM architecture provides a secure method for updating firmware. These updates are called Update Packs or simply Upacks. Although only Dinamo Networks can generate Upacks, as they are encrypted and digitally signed, an operator or user with the appropriate permission can easily perform the update, without the need to open the equipment or send it to specialized support. Every Upack submitted to HSM will be validated in HSM before being accepted.