Avatar

Level 1

Hello,

Thank you very much kapss for all your useful answers.

So if I sum up, it is rather preferable to install LC ES2 SP2 on the same machine which hosts the HSM setup and device (a PCI card for example) and to use the Corba based IPC mechanism (no need of the HSMWS middleware) if we want to really have 5 or more concurrent invocations.

So, if we need to use a HSM Network Appliance (on which we could not install LCES2 SP2) instead of a HSM PCI Card we do not have any no other choice than using the HSMWS middleware webservice on the LCES2 SP2 server or possibly on an another machine. Is it correct ?

About the Corba based IPC mechanism, do we need to do on LiveCycle ES2 SP2 server any other setup that the following ones :

1. Installing a  1.6.0.18 or superior Sun 32 bits JDK

2. Setting a JAVA_HOME_32 system env var.

3. Installing the HSM client setup (including the cryptoki.dll HSM client library for Luna SA for example)

4. Setting up the HSM Credentials  inside the the LC TrustStore (by choosing an alias and the PCKS#11 HSM client Library location)

5. Possibly raising up the com.adobe.livecycle.signatures.hsm.bmc.poolsize value

I assume that if we want to set up a High Availibility mechanism with an HSM Network Appliance, we are equally obliged to use the HSMWS middleware on 2 machines hosting the HSM client setup with a load-balancer located in front of them. Could you confirm ?

About the HSMWS tool, if I well understand, Adobe supports that tool if we launch it as a stand-alone tool in a console but not with a third party Java Wrapper installing it as a Windows service, am I right ? I think Adobe should consider to support it equally in that case by testing and recommending the best third party tool to do that because it never happens in a real-life environment to launch a java stand-alone tool on a windows production server which not be able to autostart at reboot of the server.

Alexis.