Content

Rainbow-Chrysalis Luna SA HSM

Of course, we are not all seduced by looks, but this box - with its burnt-orange fascia and wavy ventilation-hole detail - could win an award just for sheer . The Rainbow-Chrysalis Luna SA Hardware Security Module is a tamper-resistant 2U rack mount unit. Installation presented no problems and configuration was carried out using a serial cable link to a command line interface.

Unlike some of the other devices on test, this does not offer any kind of graphical user interface for configuration or monitoring. It can, however, be monitored using SNMP. Operating in command line mode is not to everyone's taste, but presents no problems in this instance.

It is supplied with extensive and comprehensive documentation on CD-Rom, which also contains client software to be installed on the web servers. The documentation is also provided in printed form, which is convenient.

There are guides for installation and set up which lead you through the necessary steps to bring the system online. The Luna SA needs to be configured with one or more logical HSM partitions, which in turn can be configured to contain virtual servers and services, and the keys and certificates associated with them.

Real servers are defined as clients of the partitions and their contents. The system requires trusted links to be set up between the servers and the device, a process which involves installing and running the client software on the servers and exchanging keys and certificates with the Luna SA.

Communication between clients and the virtual servers and services assigned to them can only occur across the trusted links, which use SSL encryption and full two-way digital certificate authentication. The Luna SA prevents unauthorized access to any part of a partition's contents, and also prevents authorized clients from accessing virtual servers and services not allocated to them.

The device can operate as part of a more elaborate set-up or in standalone mode, which is how we tested it. It also supports Microsoft IIS 5.0, IIS 6.0, and Windows ISA Server for Microsoft Windows 2000 Server and Windows Server 2003 as well as Apache Web Server 1.3.27 and 2.0.46 and Sun One Web Server 4.1, 6.0

Once the device is operating correctly, the front panel can be locked away securely behind a tamper-proof screen. This denies access to the serial link, preventing unauthorized reconfiguration.

Product title
Rainbow-Chrysalis Luna SA HSM
Product info
Name: Rainbow-Chrysalis Luna SA HSM (SSL Accelerator group test) Description: Price: $5,995
Strength
Good performance, comprehensive documentation, solidly built, excellent security.
Weakness
The device could have benefited from a browser-based GUI.
Verdict
While it is not the fastest kit on the block, it certainly offers a range of features, performance and security at an acceptable price.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.