KeySafe 5 v1.6.1 Metrics

The labels on the HSM.

The length of elapsed time since the HSM was last reset. This does not include the HSM chassis.

The total number of commands sent for processing from a client to the server or from the server to an HSM. The number of commands currently being processed is the CmdCount minus the ReplyCount.

For an HSM, this is the number of commands received from any client.

The total number of replies sent from a server to a client or from an HSM to a server.

For an HSM, this is the number of replies sent to any client.

The number of times the object store has had a new object put into it.

The number of items that have been deleted from the HSM’s object store and had their corresponding memory released.

The number of client connections currently made to the Connect hardserver.

The number of licensed client connections available.

The number of licensable clients that are currently connected, including both active and parked sessions.

This is only relevant when reported from a hardserver with remote clients that have an image version of 13.5 or later.

All jobs currently in progress on the HSM, including jobs from the SEE machine.

The number of client connections currently made to the server.

The number of licensable clients that are currently connected, including both active and parked sessions.

This is only relevant when reported from a hardserver with remote clients that have an image version of 13.5 or later.

The total number of commands sent for processing from a client to the server.

The total number of replies sent from the server to the client.

The labels on the host.

The current processing load on the HSM. This is represented as a number from 0 to 100.

HSMs typically contain several different types of processing resources, such as the main CPU and RSA acceleration. This means that reporting on HSM load can be imprecise.

Normally, HSMs report 100% CPU load when all RSA processing capacity is occupied. When performing non-RSA tasks, the main CPU and other resources, such as the random number generator, can become saturated without this metric reaching 100%.

The current temperature of different parts of the HSM.

See the following sections for more details about the labels.

The minimum and maximum acceptable temperature values for each sensor.

The maximum temperature recorded by the HSM’s temperature sensor. This is stored in non-volatile memory and is cleared when the unit is initialized.

See the following table for more details about the labels:

The minimum temperature recorded by the HSM’s temperature sensor. This is stored in non-volatile memory and is cleared when the unit is initialized.

See the following table for more details about the labels:

The fan speed for each fan in the HSM.

KeySafe 5 assumes fan speeds greater than 120,000rpm are errors, and instead reports a speed of zero.

The fan speed limits for each fan in the HSM.

These are hardcoded for each HSM type.

The total amount of RAM, allocated and free, available to the HSM. This is equal to the installed RAM size, minus various fixed overheads.

It is a static value that is calculated by KeySafe 5.

The total amount of RAM allocated for kernel use, or non-SEE use, in a module. This is mainly used for the object store, for example, for keys and logical tokens, and for big-number buffers.

The total amount of RAM allocated for kernel use, or non-SEE use, in a module. This is mainly used for the object store, for example, for keys and logical tokens, and for big-number buffers.

The total amount of RAM allocated for user-mode processes in the module. This will be zero for non-SEE use.

This value includes the size of the SEE Machine image and the total heap space available to it. The module’s kernel does not know, and therefore cannot report, how much of the user-mode’s heap is currently free and how much is in use.

The total amount of RAM allocated for user-mode processes in the module. This will be zero for non-SEE use.

This value includes the size of the SEE Machine image and the total heap space available to it. The module’s kernel does not know, and therefore cannot report, how much of the user-mode’s heap is currently free and how much is in use.

The total amount of free space in the NVRAM of the HSM.

This is only available on XC and nShield 5 HSM variants.

The wear level of the HSM’s NVRAM, expressed as a percentage of the "erase count:endurance" ratio.

This is only available on XC and nShield 5 HSM variants.

The percentage of worn blocks in the NVRAM of the HSM

This is only available on XC and nShield 5 HSM variants.

The number of interrupts from the host. This is approximately equal to the total of HostReadCount and HostWriteCount.

This is only applicable to PCI HSMs.

The number of unidentified interrupts from the host. If this reports a nonzero value, it is likely that there is a problem with a driver or the PCI bus.

This is only applicable to PCI HSMs.

The number of deferred reads that have now completed. This should be the same as HostReadDeferred, or one less than it if there is a currently deferred read.

This is only applicable to PCI HSMs.

The number of times the AIS31 random number test has failed. Because this test is a statistical test, a small number of failures is expected. If it fails too often, it will trigger a SOS-HRAO alarm and the module will fail.

The number of correctable memory errors that have been corrected by the error checking and correction (ECC) mechanisms. Typically, this count should be 0, although a small number of errors are to be expected occasionally. If this count increases rapidly, by multiple thousands per second, there has been a malfunction.

The number of times the main processor on an XC module has had to repeat an attempt to communicate with the security processor due to a communication failure. Loss of communication between the main processor and the security processor cause the module to enter an alarm state and fail. This sometimes triggers an SOS-HV alarm.