Manage an nShield 5c 10G with KeySafe 5

KeySafe 5 lists the HSMs in your nShield estate. It displays the status, identifier, firmware version, and other information about each HSM.

The following sections explain how to perform various HSM management tasks using KeySafe 5.

While an HSM is rebooting or shutting down, KeySafe 5 displays an "Unhealthy" status. It also displays the process taking place in the Power State field.

When the HSM is back online and reconnected to KeySafe 5, the status returns to "Healthy".

To shutdown, reboot, or reset the HSM to factory state:

  1. In KeySafe 5, select the Hardware Management tab and then select the HSM from the list.

  2. In the HSM Detail page, from the Actions > drop-down list select the required option:

    • Shutdown: Prompts for confirmation and then shuts the HSM down.

    • Reboot: Prompts for confirmation, then reboots the HSM.

    • Factory State: Prompts for confirmation, then restores the HSM to its original factory state and reboots it.

      Factory stating an HSM removes it from the HSM list in KeySafe 5, so you need to reconfigure it.

Reconfigure an nShield 5c 10G

  1. Connect to the HSM using the Serial Console and the username cli.

  2. Reset the password by entering the default password, admin, when prompted for the current password.

  3. When prompted, enter a new password.

  4. Check the KeySafe 5 platform configuration:

    ks5agent cfg

    The settings have been restored to the defaults.

  5. Reconfigure the HSM as required using ks5agent cfg.

  6. Stop and restart the KeySafe 5 agent service so that it picks up the new HSM:

    ks5agent service stop
ks5agent service start

    The HSM now appears in the HSM list on the KeySafe 5 Hardware Management tab.

To display the HSM Detail page, where you can view further information about the HSM and its firmware, and perform management operations, select the row containing the required HSM.