Security Management Center II 4.

0C
Release Notes
Version: 4.0C Build 1337
Release Notes Issue Date: October 11, 2010
Updated: N/A

Product Description
SafeNet Security Management Center (SMCII) redefines network security management. A robust, Web-based,
management platform, the SMCII centrally manages encryptors deployed on the enterprise network. SMCII
remotely configures, monitors, and performs firmware updates, thereby reducing the cost of network security
management.

SMCII supports the following SafeNet high speed network encryptor families:

 SafeNet Ethernet Encryptor (SEE)

 SafeNet SONET Encryptor (SSE)
 SafeNet Conversion Encryptor (SCE)
 SafeNet ATM Encryptor II (SAEII)
 SafeNet Link Encryptor (SLE)

Version Summary
This version is released for general distribution. Please refer to the Advisory Notes and Known Issues and
Workarounds sections for limitations and restrictions.

Release Description
SMCII 4.0C is a feature enhancement release to version 3.5C and prior releases. This release includes:
 Solaris Version: 4.0C build 1337
 Windows Version: 4.0C build 1337

Released Components
 SMCII 4.0C for Solaris 10 installation: smcSetup.bin
 SMCII 4.0C for Windows installation: smcSetup.exe
 SMCII User’s Guide (English): Web-based Help
 SMCII Companion User’s Guide: SMCII_V4.0C_Companion_User_Guide.pdf
 SMCII Installation Guide: SMCII_V4.0C_Installation_Guide.pdf
 SMCII Cluster Setup Guide: SMCII_V4.0C_Clustering_Guide.pdf
 SMCII Data Replication Setup Guide: SMCII_V4.0C_Replication_Guide.pdf

 SMCII Customer Release Notes: 007-007850-401_SMCII_v4.0C_CRN.pdf

© 2010 SafeNet, Inc. All rights reserved. Page 1 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

Supported Environments
Server Systems:
Supported Operating Systems:
Solaris™ 10 SPARC platform
Windows Server® 2008 SP2 (32-bit)
Windows Server® 2008 SP2 (64-bit)
Windows Server® 2008 R2
Windows Server® 2003 R2 (32-bit only)
Windows 7® Enterprise (32-bit and 64-bit)
Windows Vista® Business (32-bit and 64-bit)
Windows XP® Professional (32-bit)

Hardware Requirements:
*Minimum:
Server: Sun SPARC™ Enterprise Server (single CPU or more), 2 GB RAM
Intel Pentium 4 processor, 2 GB RAM

Clustered Servers: Sun SPARC™ Enterprise Server (single CPU or more), 8 GB RAM (each)

Network Performance:
*Minimum:
Server: 10/100 Mbs throughput

Clustered Servers: 100 Mbs throughput

Recommended:
Server: 100 Mbs throughput

Clustered Servers: 100 Mbs throughput

*Note: Minimum requirements are for small SafeNet managed networks. No more than several
managed encryptors are recommended.

Client Systems:
Supported Operating Systems:
Solaris 10
Windows 7, XP, Vista, 2003, and 2008 Server

Supported Browsers:
Mozilla Firefox 3.5 and higher
Internet Explorer 8

© 2010 SafeNet, Inc. All rights reserved. Page 2 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

New Features and Enhancements

The following features are new in SMCII 4.0C. For feature details, refer to the documentation on the installation
CD — specifically, SMCII_V4.0C_Companion_User_Guide.pdf.

 Device Import and Export—Import and Export tools are used to seamlessly and securely back up or
restore all or a subset of devices managed by the SMCII from/to a CSV file. Sensitive fields in the CSV
file can be encrypted using a password-based AES key. Import and export of the device table are
recorded in the Audit Log.

 License Enforcement—This feature allows the user to change the license tier so SMCII can manage
more network devices. By default, SMCII is installed with a Tier 1 license, which does not require a
license code. However, a license code is required to unlock higher tiers.

 Multiple Signing Key Pairs (Keysets)—This feature allows the user to create multiple signing key
pairs to certify sets of devices (SAEII/SCE/SEE/SSE). A keyset (signing pair) is comprised of two self-
signed key pairs—a1024-bit key pair, and a 4096-bit key pair. In a Pairing configuration, keysets are
shared, so the devices that are owned by remote nodes can be certified using the corresponding
server's keyset.

 Device Status Bar—The status bar displays important summary information about the device, such as
the unit name, management IP address, the firmware version, and color-coded status settings of each
LED on the front of the device.

 Date Filter Controls—This is extended functionality of filtering criteria used with the Script Run History
Log, and the Alarm, Event, and Audit Logs. These quick controls provide helpful options to pre-fill date
filters with common values. The user can select yesterday’s date, last week’s date, etc., and then further
modify the date by using the filtering controls to choose a range of days, weeks, or months to move
backward or forward in time.

 Pairing Enhancements—The Pairing status page displays the following additional information:
o Whether pairing is fully operational with another node
o The last full sync with another node
o The last incremental update from another node
o When the last error from another node occurred

 Device Firmware Support Updated for SEE and SEE Branch Office—The SEE v4.0 and Branch
Office v2.0 firmware updates add significant new features to the Ethernet devices. Refer to the device
documentation for more details. The key updates include:
o End-to-end interoperability across devices from 10Mbps to 10Gbps
o Support for Multicast MAC Address-based encryption
o Support for VLAN ID-based encryption
o Password strength enhancements

© 2010 SafeNet, Inc. All rights reserved. Page 3 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

Advisory Notes
Client Browser Settings
 After installing SMCII, JavaScript must be enabled in the browser running the SMCII client software.
 The 'binary and script behavior' option must be enabled in Internet Explorer 8 (IE8). This allows the
status bar to appear against a transparent background, rather than a grayed out, opaque
background.
 The address bar in IE8 displays 'Certificate Error' and highlights the Web address in red, until the
Self-signed SafeNet SMCII is installed in the Trusted Root Certification Authorities Store of the
machine.

Windows Server 2008

 Before installing SMCII on Windows Server 2008, refer to the SMCII Installation Guide for a list of
firewall port exceptions that need to be configured to make the SMCII server and client components
accessible.

High Availability Considerations

Cluster Environment
 In this release of SMCII, a maximum of two (2) MySQL cluster data nodes and one (1) MySQL
cluster management node are supported. Additionally, these hardware and network requirements
are highly recommended:

o a system with a SPARC™ Enterprise Server (single CPU or more)

o 8 GB RAM for each server node
o 100 Mbs network throughput with low latency

 By default, SMCII does not support automatic restart of the MySQL cluster processes after server
reboot. The administrator must manually restart the MySQL cluster management and NDB cluster
processes per the instructions in the SMCII Cluster Setup Guide. Alternatively, a Solaris
administrator with sufficient expertise could create a shell script to run in /etc/rc3.d and be
configured to start before /etc/rc3.d/S98mysql.
 After restoring a database in a cluster configuration, the user may receive an error after executing
the recoverdatabasekey script. This script looks for an apollodb.audit_entry which does not exist at
this time. To resolve this, restart the SMCII application service on Windows and the S99smcjboss
service on Solaris. This will do the GEK recovery. After recovery, the user will automatically be
prompted to restart the server again. The databasekeyrecovery script relies on being able to log an
audit log message about the key recovery. If SMCII has not run on that server yet, the audit log
table doesn't exist, so the message can't be logged.
 All server data nodes must be configured to resolve cluster member host names by either
/etc/hosts or DNS. (Other hostname/IP name resolution solutions may work, but they have not
been verified by SafeNet.)
 For load balancing scheduled jobs/tasks, it is highly recommended that Network Time Protocol
(NTP), or other system clock synchronization, be configured to keep the SMCII cluster nodes in
sync. Otherwise, if their clocks are out of sync by more than 2-3 seconds, only one server (the
faster server by time) will execute all jobs/tasks.

Note: Refer to the SMCII Server with Multiple Network Interface Cards (NICs) section in this
document for related issues.

© 2010 SafeNet, Inc. All rights reserved. Page 4 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

Pairing
 SMCII servers cannot be paired across versions. Due to the potential for changes within the
database schema, pairing across versions is not supported.
 Pairing also requires that all SMCII servers being paired are able to resolve each other’s host
names. This can be done either automatically (by using the network DNS server), or manually (by
adding the host names to the host files of the respective SMCII servers).
 In a pairing configuration, device operation may lead to an usmDHUserOwnPrivKeyChange SNMP
error response. Ignore the error message and refresh the browser instance.
Reference: 74936
 Restoring an SMCII database to another SMCII server and configuring pairing between those two
servers will not replicate the devices already present in the database. After restoring the database,
but before setting up pairing, go to Administration > System Configuration > System, delete the
property named com.safenetinc.smc.system.ServerUniqueId, and then restart both servers. Only
new devices (added after the pairing is configured) will be replicated.
Reference: 82354

HighAssurance Remote
 HighAssurance Remote operating in the Solaris environment incorrectly fragments large packets.
This introduces several complexities:
 When upgrading or deploying the SSE, SEE, SCE, or SAEII running the 3.4.0 or newer
firmware, HighAssurance Remote will interfere with the use of v2 certificates during device
certification. To enable management of the noted devices with the 3.4.0 firmware image, you
must disable HighAssurance Remote on the Solaris server during the certification process.
 While the SLE is not managed via IPSec, the Solaris HighAssurance Remote must be disabled
for similar reasons as those outlined above.
 (MySQL Cluster-specific) Legacy SMC 2.0 database migration may fail in cluster configuration
for SMCII. Temporarily disable HighAssurance Remote on all cluster nodes while performing
database migration.
o To stop HighAssurance Remote, run:
/opt/SafeNet/HARemote/stop_vpn
o To start HighAssurance Remote, run:
/opt/SafeNet/HARemote/start_vpn
References: 31830, 62997

MySQL Database Backup File Corruption

 Starting with SMCII 1.2, the mysqldump command is the prescribed tool for taking database
backups. However, the backup files contain binary data mixed with ASCII information, which is not
generally supported for the mysql database restore command. You must use the mysqldump --
hex-blob option to take correct database backups.

Contact SafeNet Technical Support to obtain assistance with restoring the version 1.2 backup
images if restoring one of them is necessary, and fails.

© 2010 SafeNet, Inc. All rights reserved. Page 5 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

SMCII Server with Multiple Network Interface Cards (NICs)

 SMCII is designed to work on servers with multiple NICs, however, there are two features which
require special configuration. These steps (described below), are required to be run on all SMCII
servers whether running in standalone, replication (primary and secondary servers), or cluster data
nodes. The interface and IP address values should be configured for each server’s respective
values.
o Configuring HighAssurance Remote for Specific Network Interface Usage

To specify which network interface is to be used for HighAssurance Remote in a multiple NIC
environment, make the following changes in the /etc/init.d/vpnclient file:

[…] approximately line 28

#TARGET_IF=bge1
#will force the vpnclient to use bge1 interface TARGET_IF='First Found'
TARGET_IF='First Found'

Comment (add ‘#’ at beginning of line) the line TARGET_IF='First Found'

(approximately line 30).

Uncomment (remove ‘#’ at the beginning of line) the line #TARGET_IF=bge1

(approximately line 28).

Change bge1 (if necessary) to the interface you want to use for HighAssurance Remote and
SMCII.

Note: Depending on the network hardware installed on the Solaris server, the interface may not
be named bge0 or bge1. For example, hme and e1000g are possible interface prefixes as well.
Use ifconfig –a to determine the interface name required.

Stop and restart the HighAssurance Remote after making changes:

To stop HighAssurance Remote, run:

# /opt/SafeNet/HARemote/stop_vpn

To start HighAssurance Remote, run:

# /opt/SafeNet/HARemote/start_vpn

o Configuring SMCII Firmware Download, SNMP Proxy Agent, and SNMP Trap Listener to
Bind with Specific IP Address

Firmware Download, SNMP Proxy Agent, and SNMP Trap Listener will default to the value of
the smc.server.hostaddress property, as set in the file
<SMCII_INSTALL_DIRECTORY>/jboss/server/default/conf/system.properties.

The following line must be added to the configuration file:

smc.server.hostaddress=<IP_address>

After setting the property, restart the SMCII server. An SMCII user with administrator privileges
is required to stop the SMCII server:

To stop SMCII server, run:

# /etc/rc3.d/S99smcjboss stop

To start SMCII server, run:

# /etc/rc3.d/S99smcjboss start

© 2010 SafeNet, Inc. All rights reserved. Page 6 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

SMCII Servers Configured to use only IPv6 Addressing

 MySQL cluster environment, database replication, and management of IPSec devices using
HighAssurance Remote on SMCII servers that are configured to use IPv6 addressing only is not a
supported configuration.

Device Management Considerations

 SNMP Timeouts with SxE 3.5-based Devices
The 3.5 release of the SxE device firmware adds IPv6 support for device management. The
implementation within the device slightly increases the response time when making certain
management interface changes (for example, modifying IP address parameters or updating trap
destinations). If the delay negatively affects the SMCII interface to the device, SMCII’s SNMP
timeout property can be adjusted to accommodate the device response times. Configure the setting
by navigating to Administration > System Configuration > SSE/SAEII/SEE/SCE. Enter a valid
value (in seconds) into the Connection Timeout field.
 Inband Management with Ethernet Encryptors
The management of remote in-band encryptors via the management interface is a complex issue to
address. The requirement to manage an encryptor from either the management or the in-band
interface, and then to ensure response packets are routed via the same interface from which the
request was received, differs from normal IP routing behavior. This can lead to invalid network
topologies that work in some cases, but fail in other cases.
As a result, it is not possible to download a software image (or receive traps) via the management
interface of an in-band, remote-managed encryptor that is not the in-band gateway encryptor.
To eliminate these problems, ensure that if both the management and in-band interfaces are
configured on a remote-managed encryptor, then there are active routed paths back to the SMCII
workstation for both interfaces (especially the in-band interface).
Reference: 72713

Link Encryptors
 There is no error checking for the correct SLE device type. Select a valid SLE device type in the
drop-down menu and double-check to ensure it matches correctly with the hardware device type.
Reference: 33265
 The configuration timeout settings for SLE devices are longer than expected; however, no action is
required by the user. The configuration timeout is set to an Exponential Backoff algorithm, where
Timeout = 5 and Retry = 3, retransmit occurs at 0 (first), 5 (R1) + 10(R2) + 20(R3) + 40(final
timeout) = 75 secs.
Reference: 33438

General
 Duplicate IP addresses are, by design, allowed to be entered into SMCII. However, the
administrator will need to verify the IP address and network configuration and communication to be
certain that that is what is intended.
 When opened with third-party programs such as Microsoft Excel, the contents of CSV files may be
interpreted by the program in use. Refer to the third-party documentation for control of formatting for
display purposes.
 If SMCII is running on a system that does not meet SMCII’s system requirements, the keystore
migration from SMCII’s database to the Luna hardware security module fails with an exception. The
workaround to this issue is to add the following property in SMC_HOME/jboss/server/default/conf/
system.properties: smc.bootstrap.start.luna=true and then restart the SMCII server.

© 2010 SafeNet, Inc. All rights reserved. Page 7 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

Resolved Issues
Severity Classification Definition
C Critical No reasonable workaround exists
H High Reasonable workaround exists
M Medium Medium level priority problems
L Low Lowest level priority problems

Issues Resolved in this Release

Issue Severity Synopsis
41697 H Cancelling a Windows installation of SMCII does not rollback the installed components and
services.
63906 H Pairing synchronization error message should be reported to the user
63907 H Pairing authentication should not succeed unless two way handshake is successful
76042 H SEE BO: Local Port and Remote Port Statistics do not clear when the Clear button is used
81429 H ClearSonetInterfaces.vm should present an option to select either interface to clear Local or
Network
82680 H Script runner should continue until the last row has been added or replaced, and display the
current table.
83741 H Device restore configuration will reject connection rules when attempting to restore on a
device managed via IPv6
84354 H Cannot uninstall SMCII from a Japanese Windows 2003 Server
74532 M Basic Inventory report should include a column for the Owner
76759 M When trying to rearrange a column using the Format Table, shifting the columns up and
down by moving (dragging and dropping) them quickly across each other results in multiple
columns of the same name (duplicates)
77668 M Cannot edit or delete the first trap destination in SMCII Trap Destination table
82621 M Replication script ignoring SMCII running status
83387 M The user is prompted to only Discard or Cancel instead of Save, Discard, or Cancel when
a quick attempt is made to delete users from the CTAM User table.
83647 M Add Script page: The device list becomes unfiltered when the Refresh button is clicked on
the script table.
83962 M In a Pairing configuration, when duplicate device names are selected for device log backup,
only single backup files are created and the device with duplicate name is ignored.
82469 L Role permission is not completely visible in the Available and Selected tables for Roles
82808 L Exception setting visible in the server log. Value Binding [#{navigation.invalid ||
savePrompt.show
83345 L A NumberFormatException occurred in the logs after clicking the Connect button from an
SxE connection setting edit page.
83388 L Windows 7 Support: Installer should warn the user that the SNMP Trap service (aka
SNMPTrap) is not disabled, in addition to other services that need to be disabled.
83574 L Add Device window: Tabbing through the fields for the first time jumps from field to field
incorrectly.
83712 L Extended Inventory report displays older files before newer files (newer files should be listed
first by default)
83724 L ConnectionStatusServerBean should fetch a fresh copy of the device from the database

© 2010 SafeNet, Inc. All rights reserved. Page 8 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

Issues Resolved in this Release

Issue Severity Synopsis
immediately before polling.

Known Issues and Workarounds

Issue Severity Synopsis
31035 L Summary: Terminal window doesn’t close after installation of SMCII.
Workaround: Close the window manually by clicking on the x button.
31878 M Summary: Data Migration from legacy SMC does not import manufacturing certificates for
SLE device management.
Workaround: Import certificates manually and re-authenticate SLEs.
32312 M Summary: IPSec communication between the SMCII server and encryptor is not
established if SunScreen is installed on the server.
Workaround: There are three workarounds for this issue.
Workaround 1) Temporarily disable firewall (server reboot will enable firewall again).
a. From the /opt/SafeNet/HARemote directory, issue command: ./stop_vpn
b. Issue command: ifconfig hme0 modremove efs@2
c. From the /opt/SafeNet/HARemote directory, issue command: ./stop_vpn
Workaround 2) Stop Sunscreen software.
From the command line enter the following:
# mv /etc/opt/SUNWicg/SunScreen/.active /etc/opt/SUNWicg/SunScreen/.not-active
# init 6
Workaround 3) Remove Sunscreen software.
From the command line enter the following:
# cd /var/sadm/prod
# java uninstall_SunScreen_3_1 -nodisplay
32400 H Summary: (MySQL cluster-specific) HighAssurance Remote IPSec policy is not updated
after a cluster node recovers from network errors. SNMP Proxy update is also affected.
Workaround: Use the Policy Refresh button under Administration > System
Configuration > Clustering to force policy update. Added the SNMP Proxy Refresh button
to update the service.
33062 H Summary: Newly added SLE HSSI and T3 devices cannot be certified. Devices that have
been previously certified can be re-certified successfully.
Workaround: Temporarily disable HighAssurance Remote on the SMCII server to certify
the device and then re-enable HighAssurance Remote.
61973 L Summary: Configuration > Firmware > Firmware Download: SMCII fails to download the
device firmware 'Downgrade Fix Image' to a device.
Workaround: Ignore the error in SMCII. This downgrade fix automatically reboots the
device. SMCII polls for the status and times out logging the error, "Firmware download
failed.” In reality, the download has completed correctly.
64110 M Summary: HARemote > Log Viewer: A socket error occurs when opening the HARemote
log viewer from the installed SMCII.
Workaround: HighAssurance Remote only allows a single process to attach to the log port.
Since SMCII now provides a log viewing feature for the HighAssurance Remote in the
SMCII UI, the logviewer.exe utility that comes with the HighAssurance Remote application
will no longer function.

© 2010 SafeNet, Inc. All rights reserved. Page 9 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

Issue Severity Synopsis

64453 H Summary: Secure negotiation fails if a V2 certificate has Subject Name (DN) longer than 32
characters.
Workaround: Limit Subject Names to 30 characters or fewer. From SMCII, issue
certificate(s) with 30 or fewer characters in the Subject Name field.
69558 M Summary: Special character usage causes text to convert into unreadable hex numbers in
Pre-Login, Post-Login Banners, and Notes fields of an encryptor.
Workaround: Delete the incorrect values and avoid the usage of special characters in the
above mentioned fields.
74369 M Summary: SNMP Proxy request using V1/V2 may timeout when a device is edited.
Workaround: Reload the SNMP Proxy Agent configuration using SNMP Proxy Agent >
Agent Settings > Maintenance > Reload button.
80598 L Summary: Console Mode installation on Solaris displays ":!not found" and then continues
Workaround: Ignore this message. The installation should proceed as expected.
80674 L Summary: Alarms in the Alarm Status table are supposed to stay checked, even after an
action is performed on them (such as acknowledge, unacknowledge). However,
intermittently, some of the selected rows will become unselected after performing the action
Workaround: Select the multiple selection option to select the rows again.
81721 M Summary: Clicking the New Window when browsing with IE8 will sometimes display the
Certificate Warning page, and other times it will not.
Workaround: Add the Self-signed SMCII certificate to the trusted root certification
authority’s store of the client machine.
83600 H Summary: SNMP connection timeout during multiple device user deletion may lead to non-
selected users getting deleted.
Workaround: Set the Connection Timeout to a higher value from the System Properties
panel. This will circumvent the timeout issue, and address the problem.
83734 H Summary: SMCII may not log events in the event table sent by SxE device if the device
times out during alarm polling.
Workaround: Disable Trap filter under Configuration > SNMP Proxy Agent > Trap
Configuration.
86086 L Summary: Remote MAC table displays Loading...... after the actual rows are retrieved.
Workaround: Refresh the page.
91119 M Summary: The Script Input Details editor panel disappears.
Workaround: Click the Input Details button twice.
94730 M Summary: Deletion of an Extended Inventory report created from Security > Reports for
the SLE removes all the reports from the table.
Workaround: Navigate away from the page and then reopen Security > Reports > SLE >
Inventory > Extended Inventory to see the old reports in the Report table.
94846 L Summary: The Alarm Log "Download to CSV" link throws an exception.
Workaround: Ignore the exception. The CSV file is created as expected.
94858 M Summary: During a Script Run, nothing opens when attempting to open a script’s Input
Details and/or Show Contents.
Workaround: Refresh the browser page.

© 2010 SafeNet, Inc. All rights reserved. Page 10 of 11 www.safenet-inc.com

 Security Management Center II
Release Notes

Issue Severity Synopsis

94860 M Summary: Periodically, when adding or editing items in some tables, after clicking Save,
94906 the user remains on the add/edit screen instead of returning to the page prior to the add/edit
98459 page. When this occurs, the fields on the page will often be empty, and there will sometimes
be errors displayed on the page. This intermittent issue does not affect the success of the
save operation; the save does succeed.
Workaround: Click on a menu item or a link elsewhere on the page to navigate away from
the add/edit page.
95125 M Summary: Peer Name was not added when a manual connection was added.
Workaround: None. The Peer Name field for Multicast and VLAN is not used. The field will
be empty.
95312 M Summary: Double-clicking on the Connections page Refresh button causes the page to
lock.
Workaround: Refresh the browser page.
95511 L Summary: After a successful device import and receiving the Successfully Imported…
message, the user is prompted to Save/Discard again.
Workaround: Choose either Save or Discard.
95585 M Summary: Nullpointer exception in RADIUS login
Workaround: None. SMCII does not support Change Password During Next Login with
EAP-MSCHAP_v2.

Publications
The following publications are associated with this release:
 SafeNet Security Management Center II Cluster Setup Guide, 007-007850-403 (September 2010)
 SafeNet Security Management Center II Data Replication Setup Guide, 007-007850-404 (September 2010)
 SafeNet Security Management Center II Installation Guide, 007-007850-402 (September 2010)
 SafeNet Security Management Center II User’s Guide, 007-007850-400 (September 2010)

We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we
discover errors or omissions, or these issues are brought to our attention, we endeavor to correct them in succeeding releases of the
product.

Part Number 007-007850-401

Revision A

© 2010 SafeNet, Inc. All rights reserved. Page 11 of 11 www.safenet-inc.com