Getting Started¶
This chapter describes the physical installation and provisioning of the NetHSM.
Verify Sealed Hardware¶
Your NetHSM hardware has been delivered in a sealed packaging.
Please follow the three step process closely to verify that it has arrived safely.
Check the wrapping paper for any tears, cuts, holes or broken sealing.
Check the unique handmade glitter seal on top of the wrapping paper. You will receive a picture of it from us after wrapping via e-mail. Compare the received picture with the seal. If you notice any changes, please contact us to arrange further action.
After verifying that the sealing of the wrapping paper is not broken, remove the wrapping paper. Finally, check the four seals on the side of the NetHSM hardware.
Hardware Installation¶
The NetHSM hardware chassis is designed to be rack mounted. Please make sure it is installed in a compatible rack. Please follow the two step process closely to install the NetHSM hardware.
Connect the power cable with the Power Port, and the network cable with the Network Port. Further, press the Power Switch to turn on power.
Press the Power Button to turn on the NetHSM hardware. The Reset Button is only for a forced reboot of the NetHSM hardware. If the NetHSM hardware is running, the Power Indicator on the front will light.
Warning
Do not use the BMC Network Port because it allows wider system access.
In an unprovisioned state the NetHSM hardware factory default IP address is 192.168.1.1
.
Provisioning¶
A new or otherwise Unprovisioned NetHSM needs to be provisioned first with passphrases and the current time. The Admin Passphrase is for the first user account, which is the superuser of the NetHSM. The Unlock Passphrase is used to decrypt NetHSM’s User Data.
Warning
The unlock passphrase cannot be reset without knowing the current value. If the unlock passphrase is lost, neither can it be reset to a new value nor can the NetHSM be unlocked.
The initial provisioning is executed as follows.
Optional Options
Option |
Description |
---|---|
|
The system time to set (Format: |
Note
If the time is not passed manually, it will be derived from the system nitropy is running on. If the time is passed manually, make sure to pass the time in UTC timezone.
Example
$ nitropy nethsm --host $NETHSM_HOST provision
Unlock passphrase:
Repeat for confirmation:
Admin passphrase:
Repeat for confirmation:
Warning: The unlock passphrase cannot be reset without knowing the current value. If the unlock passphrase is lost, neither can it be reset to a new value nor can the NetHSM be unlocked.
NetHSM localhost:8443 provisioned
Information about the /provision endpoint can be found in the API documentation.
Warning
The default boot mode is Attended Boot. Please refer to chapter Boot Mode to learn more.