Activating an HSM Cluster

Activate the HSM cluster.

After the HSM cluster is initialized, the state changes to "Activation Required." In this state you complete the following steps:
  • Get DNS name - Get the HSM partition DNS name for the HSM cluster in the "Activation Required" state. For more information, see Get DNS name.
  • Get HSM partition port details - Get port details for the HSM cluster in the "Activation Required" state. For more information, see Get HSM partition port details.
  • Get PRECO credentials - Get the PRECO credentials for the HSM cluster in the "Activation Required" state. For more information, see View PRECO Credentials.
  • Create a compute instance - As a prerequisite, you must create the OCI compute instance (for example, Virtual Machine) by using the compute service. For more information, see OCI Compute Instance.
  • Configure service gateway - If your traffic to Oracle services is routed through the service gateway, then you can access the HSM partitions only from client utilities. For more information on how to set up and manage a service gateway, see Service Gateway.
  • Install the Client RPM package - You must install the RPM package that contains the HSM utility tools. For more information, see Install the Client RPM package.
  • Configure User Management utility - You must configure the User Management utility. For more information, see Configure User Management utility.

Upon completion, you must sign in to the OCI User Management Utility using the PRECO user credentials and change the default PRECO user password. After the password is changed, the PRECO user account is converted to a Crypto Officer account.

  1. Launch the User_Mgmt_util utility.
    $ /opt/oci/hsm/bin/user_mgmt_util /opt/oci/hsm/data/user_mgmt_util.cfg
  2. Sign in as the PRECO user.
    loginHSM PRECO <Username>
    Enter password: ****
    
  3. List the number of users.
    cloudmgmt>listUsers 
    Number of users found:2    
    User Id     User Type       User Name              LoginFailureCnt              
    1            PRECO          <preco_username>         0                         
    2            CU             app_user                 0              
    
  4. You're now signed in to the HSM as PRECO user.
  5. Change the default PRECO password using the changePswd command.
    changePswd PRECO <Username>
  6. List users to verify that the user account has changed from PRECO to Crypto Officer (CO).
  7. After a few minutes, the HSM cluster state changes from "Activation Required" to "Activating" and later to "Active", and the cluster is ready for use.
    Note

    OCI KMS provides a minimum buffer period of 7 days to delete an HSM cluster. When you schedule a cluster for deletion, you can see it in the transition state and all actions on the HSM Cluster Details page are disabled.
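
The check in step 6 can be scripted against a saved listUsers capture. The following is an added example, not part of the Oracle documentation or tooling: a shell function that reports whether the default PRECO account is gone and a CO account exists. The sample captures are constructed from the step 3 listing; the user name "preco_admin" and the "CO" value in the User Type column are assumptions.

```shell
#!/bin/sh
# Added example: verify step 6 from a saved listUsers capture (stdin).
# Exit status: 0 = no PRECO account left and a CO account exists,
#              1 = activation check failed, 2 = listing could not be parsed.
check_activation() {
    awk '
    /Number of users found:/ {            # header: declared number of rows
        split($0, a, ":"); declared = a[2] + 0; next
    }
    $1 ~ /^[0-9]+$/ && NF >= 4 {          # row: id, type, name, failure count
        rows++
        n[$2]++
        if ($4 + 0 > 0) printf "WARN: %s has %d failed logins\n", $3, $4
    }
    END {
        if (rows == 0 || rows != declared) {
            print "ERROR: row count does not match header"; exit 2
        }
        if (n["PRECO"] > 0) {
            print "FAIL: PRECO account still present"; exit 1
        }
        if (n["CO"] == 0) { print "FAIL: no Crypto Officer account"; exit 1 }
        print "OK: " n["CO"] " CO account(s), no PRECO account"
    }'
}

# Constructed sample captures modelled on the step 3 listing.
# "preco_admin" is a hypothetical user name; the "CO" type value is assumed.
SAMPLE_BEFORE='Number of users found:2
User Id     User Type       User Name              LoginFailureCnt
1            PRECO          preco_admin              0
2            CU             app_user                 0'

SAMPLE_AFTER='Number of users found:2
User Id     User Type       User Name              LoginFailureCnt
1            CO             preco_admin              0
2            CU             app_user                 0'

printf '%s\n' "$SAMPLE_BEFORE" | check_activation || true   # FAIL, status 1
printf '%s\n' "$SAMPLE_AFTER"  | check_activation            # OK, status 0
```

A nonzero LoginFailureCnt is printed as a warning only and does not change the exit status.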