[Opendnssec-develop] Sessions with network HSM:s
Jakob Schlyter
jakob at kirei.se
Tue Nov 16 08:20:26 UTC 2010
On 16 nov 2010, at 08.19, Rickard Bellgrim wrote:
> SIDN is having some problems with their HSM, because it closes a session if it has been idle for too long. E.g. key generation every third month.
>
> We have also seen this during the evaluations of the HSMs. It is Utimaco and SafeNet who close their session/TCP connection if it has been idle for too long. But AEP and Thales can have their sessions open without any disruption.
>
> Utimaco recommended that we have a heartbeat mechanism for keeping the session alive.
>
> Is this the correct way to go? Or should the HSM vendor make sure to implement a heartbeat mechanism in their own library?
Should we have the enforcer "ping" libhsm every once in a while? If so, we might want to implement an hsm_ping() function just to make sure the connection is alive.
jakob
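
The heartbeat idea discussed above, as an added example that is not part of the original post or of libhsm: a simulation of an HSM that drops idle sessions, with a hypothetical `hsm_ping()` that probes the session and reopens it if it is gone. The `fake_*` helpers, the return codes and the 300-second idle limit are constructed stand-ins; a real implementation would make a cheap PKCS#11 call such as `C_GetSessionInfo` instead.

```c
#include <stdio.h>

/* Constructed stand-in for a network HSM that drops sessions idle longer
 * than IDLE_LIMIT seconds (assumed value; real limits are vendor-specific). */
#define IDLE_LIMIT 300
#define RV_OK 0
#define RV_SESSION_INVALID 1

typedef struct { int open; long last_used; } fake_hsm_t;

/* Any call that touches the session; plays the role of C_GetSessionInfo. */
static int fake_session_info(fake_hsm_t *h, long now) {
    if (!h->open || now - h->last_used > IDLE_LIMIT) {
        h->open = 0;                 /* HSM side has closed the session */
        return RV_SESSION_INVALID;
    }
    h->last_used = now;              /* activity resets the idle timer */
    return RV_OK;
}

static void fake_open(fake_hsm_t *h, long now) { h->open = 1; h->last_used = now; }

/* Hypothetical hsm_ping(): 0 = session alive, 1 = it was dead and reopened. */
int hsm_ping(fake_hsm_t *h, long now) {
    if (fake_session_info(h, now) == RV_OK) return 0;
    fake_open(h, now);               /* real code would also log in again */
    return 1;
}

/* Run from t=0 to t=end, pinging every `interval` seconds (0 = never), then
 * attempt one key operation at t=end. Returns how many times the session was
 * found dead (reopens done by ping plus a failure of the final operation). */
int simulate(long end, long interval) {
    fake_hsm_t h; int lost = 0; long t;
    fake_open(&h, 0);
    if (interval > 0)
        for (t = interval; t < end; t += interval)
            lost += hsm_ping(&h, t);
    if (fake_session_info(&h, end) != RV_OK) lost++;
    return lost;
}

int main(void) {
    printf("no ping:         %d lost\n", simulate(3600, 0));
    printf("ping every 240s: %d lost\n", simulate(3600, 240));
    printf("ping every 600s: %d lost\n", simulate(3600, 600));
    return 0;
}
```

A ping interval above the idle limit never keeps the session alive, so the caller still needs the reopen path even when a heartbeat is in place.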