Skip to content

Local operation

HSM Operation refers to the options and means of configuring the HSM's operating parameters, such as initialization and activation. Physical access to the HSM is required to use the input, output, control and status interfaces.

Local Console

The HSM is configured via a local console (video monitor and keyboard) connected directly to the HSM, thus providing atrusted path for entering the HSM's configuration data.

To use the Local Console, you need physical access to the HSM, possession of the smart cards containing the Server Master Key and knowledge of the PIN for each card. The number of cards varies according to the M of N scheme parameters chosen during HSM initialization, and is a minimum of 2 and a maximum of 64.

The local console of Dinamo is used for administrative activities such as starting up, activating and shutting down the HSM, changing network parameters, resetting the database, changing the date and time, among others. Through the local console it is also possible to monitor some of the HSM's counters in real time, such as CPU and memory usage and active client sessions.

To use the local console, the following items are required:

  1. Video monitor (not supplied);
  2. USB keyboard (not supplied);
  3. HSM operating smart cards (ISO 7816 standard).

Info

If the HSM has not yet been initialized, see the Initialization item. Before authentication, no network services will be available on the HSM.

The local console is based on an interface of menus, message boxes and dialogs.

Local console operation:

  1. Navigate between menu options: use the arrow keys.
  2. To return to the previous menu without making any changes: press the key Esc or use the arrow option
  3. Navigate between fields and buttons in dialog windows: press Tab or use the arrow keys.
  4. Before pressing Enter to activate a button, check that the desired button has focus (it is highlighted from the others).

Right-pointing arrows in menus indicate entry into a new submenu and left-pointing arrows indicate return to the previous menu (same as the key). Esc). Navigation through the menus and submenus can also be done with the right and left arrow keys.

The default options on the message box buttons are always to protect the data and preserve the HSM's operation; most of the time you will need to remove the default option to confirm the operation.

Attention

After some time of inactivity on the keyboard, the HSM firmware will activate a screen saver, cutting off the video signal to save energy. To resume the video signal, you need to press a key. This is especially important in situations where the HSM is left running for long periods without video and keyboard. When reconnecting the monitor, you must also reconnect the keyboard and press a key to reactivate the video signal.

When the HSM is switched on, after the hardware tests, operating environment start-up and HSM self-tests, the initial screen is displayed, with version information, HSM serial number, operating mode, hardware profile, TP Key identification and copyright terms. Press the Enter key key and the PIN entry screen appears.

                       Dinamo - Local Management Console
       ┌─────────────────────────────┤  ├──────────────────────────────┐
       │                                                               │
       │         Dinamo   5.0.36.0 (DXP) - TCA0000000                ↑ │
       │                                                             ▓ │
       │             Operation mode: NRM                             ▒ │
       │           Hardware profile: 6.08E.1.01.01.01F.5.10.102U     ▒ │
       │           SVMK fingerprint: 62:74:97:AF:33:FA:FB:44         ▒ │
       │                      TPOEM: 9C1531FF                        ▒ │
       │                                                             ▒ │
       │   Includes thirdy-party software. All rights reserved.      ▒ │
       │                                                             ▒ │
       │    Copyright © Free Software Foundation, Inc.               ▒ │
       │    Copyright © 1998-2018 The OpenSSL Project.               ▒ │
       │    Copyright © 1997-2018 Red Hat Software, Inc.             ▒ │
       │    Copyright © 2002-2018 Aleksey Sanin.                     ↓ │
       │                                                               │
       │                            ┌────┐                             │
       │                            │ OK │                             │
       │                            └────┘                             │
       │                                                               │
       │                                                               │
       └───────────────────────────────────────────────────────────────┘

  Service stopped                                   Replication Domain: <none>
Home screen Dinamo

The information on this screen is also displayed in the About option in the main menu.

The local console services screen consists of the title bar, main menu and a status bar.

The title bar at the top of the screen tells you the name of the console you are running (Local Management Console).

The main menu contains the options and entries for sub-options of the HSM configuration tasks.

The main menu options are:

  1. About: shows information about the HSM version, serial number and copyright.
  2. Start/Stop Service: starts/stops the HSM service, loads the configured modules and starts accepting requests from client applications.
  3. Remote Management: leaves the console in remote management mode.
  4. Monitor: monitors in real time the utilization rate of physical memory, swap memory and CPU; active modules, active client connections and the general status of the HSM hardware.
  5. Configuration: configures network parameters (IP address, mask, default gateway, speed and routes) on the network interfaces, device date and time, operating mode, OEM security code, manages smart cards and resets the database.
  6. Partition: operations with partitions, such as state management for M of N authentication and local encryption.
  7. Self Test: triggers the execution of internal tests.
  8. Lock Console: immediately locks the remote console in the terminal emulator software. It can only be unlocked by inserting the smart card and entering the PIN.
  9. Power Off: restarting or shutting down the HSM in an orderly manner.
                        Dinamo - Local Management Console






                         ┌──────────┤ Main ├──────────┐
                         │    About                   │
                         │    Start Service           │
                         │    Monitor              ▸  │
                         │    Remote Management       │
                         │    Configuration        ▸  │
                         │    Partition            ▸  │
                         │    Self Test               │
                         │    Lock Console            │
                         │    Power Off            ▸  │
                         └────────────────────────────┘






  Service stopped                                   Replication Domain: <none>
Local Console main menu

The status bar informs you of the status of the HSM, which can be:

  1. Service stopped: the HSM service is stopped and ready to start up and load the modules (there is only network service);
  2. Service running...: the HSM service is running and the configured modules are loaded (the HSM accepts requests from applications over the network);
  3. Server stopping...: HSM services are being stopped and the modules unloaded;
  4. Running Self Tests...: the HSM is performing self-tests, which can be automatic (on HSM load) or on operator demand;
  5. Waiting smart card reader response...: the HSM has requested information or processing from the smart card CPU and is waiting for a response

In addition to the status information, the name of the Replication Domain is also displayed, if the HSM belongs to one.