cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Limit to number of SSL keys?

 

We have nCipher nFast HSMs on AMDs and wonder if there is a limit to the number of SSL keys that either the card can hanlde or the AMD can handle?

Happens to be running 11.5 currently if that matters.

Thanks

9 REPLIES 9

ulf_thorn222
Inactive

Hi

There is of course a limit since the keys are stored but it differs from model to model.

You can check your specific model over at https://www.thales-esecurity.com/

Nice - of course it may help if we knew what model we have - any way of interrogating it and getting the answer I need?

Cheers

ulf_thorn222
Inactive

This is where it's getting interesting (big grin) 

Do you mean you have no access to the AMD?

If you have you can probably run the LSPCI -v command or KUDZU -v and get the essentials.

Hmmm...

42:02.0 Co-processor: Intel Corporation 21555 Non transparent PCI-to-PCI Bridge (rev 03)
Subsystem: Ncipher Corp Ltd Unknown device 0100
Flags: bus master, 66MHz, medium devsel, latency 8, IRQ 67
Memory at dfcf0000 (32-bit, non-prefetchable) [size=4K]
I/O ports at 4000 [size=256]
Memory at d9e00000 (32-bit, prefetchable) [size=1M]
Capabilities: [dc] Power Management version 2
Capabilities: [e4] Vital Product Data
Capabilities: [ec] #06 [0080]

Unknown Device.

 

Any of the nfast tools allow me to interrogate?

ulf_thorn222
Inactive

Not sure - I've lost my login to Thales and the mental HD is blank (tongue)

If it's fairly new you should still be able to knock on their support door?

Well, HSMs were bought with the AMDs direct from Compuware as part of a bundle, so we've never had any dealiings with Thales.

As it's running 11.5, you can probably guess it's not new either!

I'm really after a ballpark figure - 100, 1000 etc as we need to do a tactical 'Add these new servers' before we can finally upgrade to latest DCRUM version! (A project kicking off as I type) 

I want to be reasonably confident that we can accomodate the extra servers which all have SSL 

So saying that - I guess the shipping bills are lost in time?

Then I see only 2 options:

  1. Boot and go into BIOS and see what it says.
  2. Pry the box open and read the print on the card.

If you have the ILO board activated that should potentially give you another way in. 

chris_v
Dynatrace Pro
Dynatrace Pro

An exact number isn't really possible. different key sizes will of course consume different amounts of space on the card.

I've a customer with a nCipher HSM and they have a 'couple hundred' (I'm not up to date on the exact number) keys loaded.

 

Thanks Chris - just what I was after.... more than enough space then (smile)