Hardware Security Module (HSM) data encryption with SafeNet

Besides the default encryption method, PAM360 provides support for SafeNet Luna PCIe HSM to give administrators the option to enable hardware data encryption for PAM360.

You can integrate PAM360 with the SafeNet Hardware Security Module, which can handle all the encryption and decryption methods. In addition, the SafeNet HSM can store the encrypted key directly in its hardware module, which is fitted to a computer or a network server.

PAM360's integration with SafeNet Luna PCIe HSM allows you to use the HSM to encrypt your data as well as to store it within the device itself.

At the end of this document, you will have learned the following:

  1. Workflow
  2. Configuring SafeNet HSM for PAM360
  3. Migrating to the SafeNet HSM Encryption Method

1. Workflow

2. Configuring SafeNet HSM for PAM360

  1. If you choose SafeNet HSM as your encryption method, you first need to configure the HSM device for your network requirements.
  2. You can download the SafeNet installation guide for the configuration steps.
  3. After the installation process is complete, use the command prompt to choose a slot number and set a password for the HSM. Once the setup is done, this slot number and password will be used to switch encryption methods.
  4. After testing the HSM connection, you may continue with the migration process.

3. Migrating to the SafeNet HSM Encryption Method

Follow the steps below to initiate the migration:

  1. Stop the PAM360 service.
  2. Open a command prompt and navigate to the <PAM360_SERVER_HOME>\bin directory.
  3. Execute the following command:

    For Windows:

    For Linux:
    sh MigratePAM360EncryptionToSafeNetHSMEncryption.sh

  4. This will bring up the following dialog box:

  5. Enter the SafeNet HSM password and slot number in the dialog box and click Migrate.
  6. Restart the PAM360 service to complete the migration.
  7. To check which encryption method is currently applied to your data, go to the Admin tab in the PAM360 GUI and select Encryption and HSM under Manage.