Limit to number of SSL keys?
We have nCipher nFast HSMs on AMDs and wonder if there is a limit to the number of SSL keys that either the card can hanlde or the AMD can handle?
Happens to be running 11.5 currently if that matters.
Thanks
Hi
There is of course a limit since the keys are stored but it differs from model to model.
You can check your specific model over at https://www.thales-esecurity.com/
Nice - of course it may help if we knew what model we have - any way of interrogating it and getting the answer I need?
Cheers
This is where it's getting interesting 
Do you mean you have no access to the AMD?
If you have you can probably run the LSPCI -v command or KUDZU -v and get the essentials.
Hmmm...
42:02.0 Co-processor: Intel Corporation 21555 Non transparent PCI-to-PCI Bridge (rev 03)
Subsystem: Ncipher Corp Ltd Unknown device 0100
Flags: bus master, 66MHz, medium devsel, latency 8, IRQ 67
Memory at dfcf0000 (32-bit, non-prefetchable) [size=4K]
I/O ports at 4000 [size=256]
Memory at d9e00000 (32-bit, prefetchable) [size=1M]
Capabilities: [dc] Power Management version 2
Capabilities: [e4] Vital Product Data
Capabilities: [ec] #06 [0080]
Unknown Device.
Any of the nfast tools allow me to interrogate?
Not sure - I've lost my login to Thales and the mental HD is blank 
If it's fairly new you should still be able to knock on their support door?
Well, HSMs were bought with the AMDs direct from Compuware as part of a bundle, so we've never had any dealiings with Thales.
As it's running 11.5, you can probably guess it's not new either!
I'm really after a ballpark figure - 100, 1000 etc as we need to do a tactical 'Add these new servers' before we can finally upgrade to latest DCRUM version! (A project kicking off as I type)
I want to be reasonably confident that we can accomodate the extra servers which all have SSL
So saying that - I guess the shipping bills are lost in time?
Then I see only 2 options:
- Boot and go into BIOS and see what it says.
- Pry the box open and read the print on the card.
If you have the ILO board activated that should potentially give you another way in.
An exact number isn't really possible. different key sizes will of course consume different amounts of space on the card.
I've a customer with a nCipher HSM and they have a 'couple hundred' (I'm not up to date on the exact number) keys loaded.
Thanks Chris - just what I was after.... more than enough space then 
Community Member of the Month
September 2018
Announcing Dynatrace's Community Member of the Month for September 2018, Muthu P.! Click here to read more! Employee Member of the Month
September 2018
Announcing Dynatrace's Employee Member of the Month for September 2018, Kris Z.! Click here to read more!