Chapter 2: DSM V6100 Hardware Appliance
Administrator Card Set (ACS)
DSM Installation and Configuration Guide
Copyright 2009 - 2020 Thales Group. All rights reserved.
21
You should choose enough smart cards to support all of your DSMs, plus a backup card in case one of the
cards gets damaged, or is unavailable. However, a higher N increases the risk of others gathering enough
cards to access the DSM. You want K to be high enough to provide a level of security that you are
comfortable with, but not so high as to be logistically difficult.
l
In some cases, it is desirable to make K greater than half the value of N (for example, if N is seven, to make K to
be four). Such a policy makes it harder for a potential attacker to obtain enough cards to access the DSMs.
Choose values of K and N that are appropriate to your situation.
l
Smart cards have a unique identification number, it can be very useful to document the ID number of each card,
which ACS group that card belongs to, the security officer a card belongs to, the passphrase, and any additional
information you consider useful for your situation.
l
Pass phrases are optional for each card. An ACS can have some cards with pass phrases and some with no pass
phrase. Pass phrases can be different for each card.
l
Create a security policy to manage the card set and to keep it well protected. No single person should have
access to more than one card (separation of duties).
V6100 Operations that require the ACS
The following table outlines the operations that require the smart card (ACS) set. Once remote HSM administration is
configured, the mode switch located on the back panel of the V6100 appliance is moved to the operational ‘
O
’ position
and physical toggling of the mode switch is no longer required (except where indicated in the table below).
Additionally, from v6.0 onwards, even if remote administration is not enabled, as long as the mode switch is in the ‘O’
position, physical toggling of the mode switch is no longer required.
Scenario
DSM Server
Smart Cards
Required
HSM Switch
change
DSM CLI
Command
Notes
Initial HA node setup:
initialize security
world
HA Node 1
Set of N
Automatic
security genca
Run the genca
command after the
basic networking
configuration
Any subsequent
change requiring
operator to run
‘genca’ on an
already configured
DSM and
established Security
World
HA Node 1
None
No
security genca
Example would be if
the Hostname
changed for the DSM.
Note, this would also
require re-registering
all agents.
Replacement of
smartcard
HA Node 1
Original K +
new N
No
hsm replaceacs
Requires a complete
new set of N to be
created. Requires K
from original set of N
be inserted before
creating new set of N.
Note that N cannot be
changed.
Table 2-1: v6100 Physical Presence Requirements with remote administration enabled
