Install the IBM Hardware Security Module (HSM) client software
In this step, you install Citrix Netscaler VPX with the software and utilities that are required to interact with the Hardware Security Monitor (HSM).
Steps one and two in this procedure are optional and needed only if the safe net directory and the files or subfolders in it are missing in the /var
path. These resources are necessary to install VPX with the client software and allow
it to run the utilities associated with the HSM software.
Find the credentials to access the NetScaler CLI listed in the Control Portal under Devices > Device List > Expand VPX name.
All VPX commands and outputs in this document list either netscalername#
(indicating a shell execution), or >
(for the VPX CLI itself).
-
(OPTIONAL) Obtain the
safenet_dirs.tar
file and transfer it to the VPX in the/var
directory. Download thesafenet_dirs.tar
file in the following locations:Ensure that you are logged in to your IBM Cloud account to access the links.
This image shows how the WinSCP software transfers the
safenet_dir.tar
file into the Citrix VPX. -
(OPTIONAL) Extract the
tar
file:root@IBMADC690867-wnzs# tar -xvpf safenet_dirs.tar x safenet/ x safenet/config/ x safenet/gateway/ x safenet/SAClient_600.tgz x safenet/SAClient_622.tgz x safenet/install_client.sh x safenet/gateway/start_safenet_gw x safenet/gateway/gw_delay x safenet/config/safenet_config x safenet/config/Chrystoki.conf
-
Navigate to the
/var/safenet
directory and confirm that the folders and files were transferred:extracted root@IBMADC690867-s6dr# cd safenet root@IBMADC690867-s6dr# pwd /var/safenet root@IBMADC690867-s6dr# ls SAClient_600.tgz config install_client.sh SAClient_622.tgz gateway
-
Run the installation script by using version 622:
root@IBMADC690867-s6dr# install_client.sh -v 622 ********************************************* Current Version: 622 Installing Version: 622 Starting to extract SAClient_622.tgz file. Extracted SAClient_622.tgz file. Removing SAClient_622.tgz file. ********************************************* Now follow the configuration steps document available online on Citrix edocs. *********************************************
-
Confirm the creation of the safenet directory:
root@IBMADC690867-s6dr# ls SAClient_600.tgz gateway installation.log config install_client.sh safenet
-
Navigate to the
/var/safenet/config/
directoy and run thesafenet_config
script:root@IBMADC690867-s6dr# cd /var/safenet/config/ root@IBMADC690867-s6dr# pwd /var/safenet/config root@IBMADC690867-s6dr# sh safenet_config
-
Verify that
/etc/Chrystoki.conf
and the symbolic link/usr/lib/libCrystoki_64
were created:root@IBMADC690867-s6dr# ls -l /etc/Chrystoki.conf -rw-r--r-- 1 root wheel 1185 Jul 26 16:17 /etc/Chrystoki.conf root@IBMADC690867-s6dr# ls -l /usr/lib/libCryptoki2_64.so lrwxr-xr-x 1 root wheel 54 Jul 26 16:17 /usr/lib/libCryptoki2_64.so -> /var/safenet/safenet/lunaclient/lib/libCryptoki2_64.so
The IBM Hardware Security Module installs successfully.