Vasco IDENTIKEY Appliance Скачать руководство пользователя страница 76 | Manualshive

Страница: 76 / 87

background image

13.2.2. Installing a SafeNet Hardware Security Module

There are two options for setting up a functionality module:

n

Unsigned Functionality Module: copy the unsigned VACMAN Controller functionality module file –

aal2sdk

– to the machine on which HSM administration will take place. You will have to generate your own self-
signed certificate to sign the module before uploading the signed module into the HSM.

n

Signed Functionality Module: copy the signed VACMAN Controller functionality module file –

aal2sdk.signed

– to the machine on which HSM administration will take place. The corresponding VASCO

code signing certificate is required to upload this signed module (

vascosigningcert.crt

).

The functionality modules are located on the IDENTIKEY Authentication Server product CD in the following folders:

Before installing a functionality module, install the Hardware Security Module with the required drivers and libraries
and restart the machine.

Note
To sign an unsigned VACMAN Controller functionality module with your own self-signed certificate, you need the
mkfm tool, which is included in the Protect Processing Orange Software Development Kit v3.00.

Procedure 24: Installing an unsigned VACMAN Controller Functionality Module

1. Open a terminal.

2. Run the following command to generate a SSL certificate in the user slot:

ctcert c -s

<UserSlotID>

-k -z

<KeySize>

-l

<CertificateName>

where:

n

<UserSlotID>

is the ID of the slot on which the certificate should be generated.

n

<KeySize>

is the length of private key required (minimum size is 1024).

n

<CertificateName>

is the name you want to give the certificate.

3. Enter the requested information.

4. Run the following commands to transfer the certificate to the admin slot:

ctcert x -l

<CertificateName>

-s

<UserSlotID>

-f

<CertExportFileName>

ctcert i -f

<CertExportFileName>

-s

<AdminSlotID>

-l

<CertificateName>

where:

n

<CertificateName>

is the name of the certificate that you entered when generating the cer-

tificate.

n

<UserSlotID>

is the ID of the slot in which the certificate was generated.

13. Hardware Security Module

IDENTIKEY Appliance 3.11.12 - Installation and Maintenance Guide

76

«
...
74
75
76
77
78
...
»

Содержание IDENTIKEY Appliance

Страница 1: ...IDENTIKEY Appliance Installation and Maintenance Guide 3 11 12...

Страница 2: ...es for any loss damage or expense incurred by you your company or any third party arising from the use or inability to use VASCO Software or Mater ials or any third party material available or downloa...

Страница 3: ...imitations 12 4 Connecting IDENTIKEY Appliance to your Network 13 4 1 Overview 13 4 2 Powering on IDENTIKEY Appliance 13 4 3 Connecting to your Network 14 5 First Time Configuration 16 5 1 Overview 16...

Страница 4: ...sing IDENTIKEY Appliance 53 8 3 Current License Screen 54 8 4 Re Licensing Scenarios 54 9 Updating IDENTIKEY Appliance 57 9 1 Overview 57 9 2 Retrieving Offline Update Packages 57 9 3 Using the Update...

Страница 5: ...Replacement IDENTIKEY Appliance 71 12 RAID 72 12 1 Maintaining RAID 72 13 Hardware Security Module 75 13 1 Supported Hardware Security Modules 75 13 2 SafeNet HSMs 75 13 3 Secure Auditing With Hardwar...

Страница 6: ...rd Activation Confirmation 29 Image15 Licensing Wizard Welcome 30 Image16 Licensing Wizard System Information 31 Image17 Licensing Wizard Upload License 32 Image18 Licensing Wizard LicenseActivation 3...

Страница 7: ...ge37 Backup and Restore Configuring Automatic Backups FTP SFTP Settings 65 Image38 Backup and Restore Configuring Automatic Backups ScheduleSettings 66 Image39 Backup and Restore Configuring Scripted...

Страница 8: ...able Index Table1 IDENTIKEY ApplianceDimensions 11 Table2 Settings for Connecting aComputer toIDENTIKEY Appliance 44 Table of Contents IDENTIKEY Appliance3 11 12 Installation and MaintenanceGuide viii...

Страница 9: ...ocedures such as updating and re licensing n IDENTIKEY Appliance Product Guide Describes the structure of the product the concepts underpinning authentication and how IDENTIKEY Appliance can support a...

Страница 10: ...length of 3 0 meters 2 3 Personal Environmental and IDENTIKEY Appliance Safety To avoid back injuries when lifting the IDENTIKEY Appliance avoid injuries to your back by using your leg muscles Keep y...

Страница 11: ...Celsius 40 to 158 degrees Fahrenheit n Humidity Range 8 to 90 non condensing n Non Operating Humidity Range 5 to 95 non condensing n Power Supply Thermal control 260 W AC power supply with PFC 24 pin...

Страница 12: ...g models of the DIGIPASS authenticator n E signature DIGIPASS DIGIPASS 760 n Software DIGIPASS DIGIPASS for Mobile and DIGIPASS for APPS Note The new functionalities introduced in the context of Multi...

Страница 13: ...information in the 2 Safety and Environmental Information section Check that all the package contents you need have been supplied They are listed on a separate sheet supplied with your IDENTIKEY Appli...

Страница 14: ...able is correctly plugged into one of the LAN Ethernet interfaces n The network cable is correctly plugged in to your network hub or switch Image 2 AG 3XXX left and AG 5XXX Models right and lights ind...

Страница 15: ...d indicated by the messages time out or destination host unreachable n Check that the workstation s TCP IP settings are correct see points 1 and 2 above n Check that the network cable is in good worki...

Страница 16: ...e of a license key to make the appliance fully operational After installation and before Licensing the IDENTIKEY Appli ance Configuration Utility is accessible for configuration and management but the...

Страница 17: ...SL Secure Socket Layer encryption over the HTTPS protocol 5 2 1 Browsers IDENTIKEY Appliance was implemented to adhere to common Web standards and is expected to be fully oper ational in the latest st...

Страница 18: ...ificate the browser presents a warning ask ing you to accept the certificate to continue Note The procedure for accepting a certificate varies between browsers Internet Explorer is used in the example...

Страница 19: ...e user name and password is Username sysadmin Password sysadmin On accessing the Configuration Tool IDENTIKEY Appliance automatically detects that this is a first time installation and launches the Co...

Страница 20: ...t 3 Oracle Binary Code license agreement for Java SE 4 Password Change 5 Hostname 6 Network Settings 7 Time Synchronization 8 Appliance CA Information 9 Activation Configuration Wizard screens are sho...

Страница 21: ...5 3 1 Welcome Image 6 Configuration Wizard Welcome 5 First Time Configuration IDENTIKEY Appliance3 11 12 Installation and MaintenanceGuide 21...

Страница 22: ...Configuration Wizard End User License Agreement Read the license agreement carefully To accept the terms select Accept this End User License Agreement 5 First Time Configuration IDENTIKEY Appliance3 1...

Страница 23: ...e default system administrator s password is critically important for security Using the default sysadmin user account for accessing the Configuration Tool is less secure than using a new user account...

Страница 24: ...ble For more information refer to the IDENTIKEY Appliance Administrator Guide Image 9 Configuration Wizard Password Change 5 First Time Configuration IDENTIKEY Appliance3 11 12 Installation and Mainte...

Страница 25: ...5 3 5 Hostname Image 10 Configuration Wizard Hostname 5 First Time Configuration IDENTIKEY Appliance3 11 12 Installation and MaintenanceGuide 25...

Страница 26: ...EY Appliance For more information refer to the IDENTIKEY Appliance Product Guide VASCO Service Center section A direct connection to the VASCO Customer Portal requires a default gateway to be configur...

Страница 27: ...ee Section 1 1 8 Activation Successful if you opt to disable Continue to the license wizard 5 3 7 Time Synchronization Image 12 Configuration Wizard Time Synchronization Enter an NTP server name or us...

Страница 28: ...tomatically generated certificates 5 3 9 Activation Confirmation After all data has been entered correctly IDENTIKEY Appliance can be activated by clicking Finish Click Finish to start up the Licensin...

Страница 29: ...Licensing Wizard is launched via two methods n Immediately after completing the First time Configuration Wizard via the Activation Successful page n After completing the Configuration Wizard via a sta...

Страница 30: ...formation about when re licensing is necessary refer to 8 Re Licensing IDENTIKEY Appliance 5 4 1 Welcome Image 15 Licensing Wizard Welcome 5 First Time Configuration IDENTIKEY Appliance3 11 12 Install...

Страница 31: ...5 4 3 Acquiring a VASCO License File Two types of license file exist n A commercial license file which remains valid indefinitely n An evaluation license file which is only valid for 30 days To acquir...

Страница 32: ...TIKEY Appliance On the Upload License page browse to the downloaded license file and click Nextto upload the file Image 17 Licensing Wizard Upload License 5 4 5 License Activation The IDENTIKEY Applia...

Страница 33: ...rmation The License Activation Confirmation page will be displayed to confirm activation This page indicates that IDENTIKEY Appliance services such as authentication are now available 5 First Time Con...

Страница 34: ...tion Server Setup Wizard will walk you through the configuration of several basic IDENTIKEY Authentication Server settings These settings include master domain an administrator login Hardware Security...

Страница 35: ...es At this stage you have the option to enable a Hardware Security Module HSM or Secure Auditing See the IDENTIKEY Appliance Product Guide for more information on these features Note You cannot disabl...

Страница 36: ...seconds has elapsed Secure Auditing setup will be different depending on whether or not you have any HSM enabled If you have an HSM enabled encryption settings will be stored on that HSM see 13 3 Secu...

Страница 37: ...oduct Guide Before starting ensure that the license for IDENTIKEY Appliance includes Hardware Security Module functionality For more information about setting up information required to populate the f...

Страница 38: ...s a The first administrator for IDENTIKEY Authentication Server b An administrator login for the Configuration Tool 2 Enter and confirm a password The password format must conform to the IDENTIKEY Aut...

Страница 39: ...figure Once the details have been provided on the IDENTIKEY Authentication Server Setup Wizard screens IDENTIKEY Authentication Server will be configured with the minimum details allowed for first tim...

Страница 40: ...tivating a IDENTIKEY Appliance support certificate 1 Open a web browser and go to the VASCO Customer Portal https cp vasco com Type the maintenance reference and serial number provided by VASCO for yo...

Страница 41: ...on 3 Scroll down to Contract certificate select the Download contract certificate hyperlink and download and save the certificate file 4 Access the Configuration Tool 5 Select Settings Certificates 6...

Страница 42: ...ion Server When migrating to IDENTIKEY Appliance IDENTIKEY Virtual Appliance from IDENTIKEY Authentication Server you can use the Data Migration Tool and the IDENTIKEY Appliance Update Wizard to migra...

Страница 43: ...the package as described in Sections 9 3 1 Select Update and 9 3 3 Verify Update and Install Update to complete data migration 5 First Time Configuration IDENTIKEY Appliance3 11 12 Installation and M...

Страница 44: ...fer to 6 3 Adding Authentication for the Rescue Tool You can access the Rescue Tool using one of the following methods n If using IDENTIKEY Virtual Appliance switch to the console view in your hypervi...

Страница 45: ...he Rescue Tool These users can be configured to enter other login credentials in addition to the rescue user name To define these users can be defined access the IDENTIKEY Appliance Configuration Tool...

Страница 46: ...e Rescue Tool The Number of Additional Logins field enables you to define how many user Ids and passwords have to log in besides the first user This adds further security to the rescue tool login This...

Страница 47: ...ess 6 4 1 Resetting IDENTIKEY Appliance 6 4 1 1 Resetting to Factory Default Warning The following Configurations and data are reset if you select the Reset to Factory Default option n Data including...

Страница 48: ...yes to confirm settings reset Any IP addresses specified with the Limit Access to Networks setting are cleared effectively allowing access to the Configuration Tool from any client computer 6 4 2 Chan...

Страница 49: ...Appliance Procedure 6 Pinging an IP Address 1 type n for network menu 2 type p to enter the Ping menu 3 Enter the IP address or hostname of the system you want to ping The Rescue Tool will then ping t...

Страница 50: ...and Shutting Down If IDENTIKEY Appliance is shut down incorrectly it can be corrupted One of the following methods of powering off or rebooting IDENTIKEY Appliance should be used in the following ord...

Страница 51: ...st a user name and password to be used for the reset There are three possible outcomes of this operation a If the user name provided is identical to the one provided when running the IDENTIKEY Authent...

Страница 52: ...een installed through an update i e not a clean install you can revert to the previously installed version using Revert to a previous version of IDENTIKEY Appliance For more information refer to 9 4 R...

Страница 53: ...When IDENTIKEY Appliance has been restored to factory default to remove all data and clean the appli ance see 8 4 5 Restoring to Factory Default For more information about license types and re licensi...

Страница 54: ...rors refer to 14 1 Support Procedure Procedure 10 Re licensing for a change of IP address or a backup restored to a different appliance 1 Contact your IDENTIKEY Appliance supplier tor release the appl...

Страница 55: ...click Next It is not necessary to download a system information file for re licensing a new license option or type d On the Upload License page browse to and upload the license file License dat which...

Страница 56: ...he appliance license from the old configuration key 2 Launch the Licensing Wizard see 8 2 Accessing the Wizard for Re Licensing IDENTIKEY Appliance 3 Complete the Licensing Wizard for a commercial lic...

Страница 57: ...gain to the Configuration Tool The Status screen displays feedback concerning the update status If a power failure or other unforeseen event occurs during the update process a fail over system reverts...

Страница 58: ...date Packages 3 Select the required iso file to download the selected package for your product and click Save File in the following dialog 9 3 Using the Update Wizard The Update Wizard consists of a n...

Страница 59: ...he Verify Update page see 9 3 3 Verify Update and Install Update 9 3 2 Available Updates On Line Process Only On this page the wizard displays the retrieval steps and lists any updates that are availa...

Страница 60: ...ecific upgrade other data acquired since the upgrade may be removed includ ing n Audit database records n System statistics It is recommended to contact VASCO support to address your problem before re...

Страница 61: ...nce will reboot and revert to the previous version 9 4 3 Additional Considerations Reverting to a previous version is only available if the current version has been installed using an upgrade i e not...

Страница 62: ...EY Appliance see 10 7 Configuring Scripted Backups 10 3 Restoring IDENTIKEY Appliance The Restore function is a manual process it allows administrators to upload configuration settings and data which...

Страница 63: ...lick Save After configuration custom encryption will be applied to manual automatic and scripted backups of IDENTIKEY Appliance 10 5 Performing Manual Backups Procedure 17 Performing a manual backup 1...

Страница 64: ...utomatic backup 1 In the IDENTIKEY Appliance Configuration Tool navigate to System Backup Restore 2 OPTIONAL Select Use Custom Encryption Pass Phrase and type a pass phrase twice to prevent typing err...

Страница 65: ...tory and authentication settings and click Fetch Fingerprint to automatically retrieve the fingerprint b Click download Public key to retrieve the IDENTIKEY Appliance public key and install it on the...

Страница 66: ...backup script tool to request a backup from IDENTIKEY Appliance The URL to access the IDENTIKEY Appliance backup is https ip_address system backup download Procedure 19 Configuring a scripted backup 1...

Страница 67: ...Save to apply the configuration Note The user name and password for a script to authenticate to IDENTIKEY Appliance and download a backup can be freely chosen and defined in the System Backup tab The...

Страница 68: ...he Restore Wizard appears 3 Specify the backup file and if required the backup passphrase The passphrase is required if custom encryption has been used for backup The backup file is uploaded and valid...

Страница 69: ...Considerations To restore a backup on a replacement IDENTIKEY Appliance follow the procedure for a regular replacement see 11 Replacing an IDENTIKEY Appliance 10 Backing Up and Restoring IDENTIKEY App...

Страница 70: ...e to your network see 4 Connecting IDENTIKEY Appliance to your Net work 2 Open the IDENTIKEY Appliance Configuration Tool see 5 2 Accessing and Logging in to the IDENTIKEY Appliance Configuration Tool...

Страница 71: ...twork 2 Open the IDENTIKEY Appliance Configuration Tool see 5 2 Accessing and Logging in to the IDENTIKEY Appliance Configuration Tool 3 Complete the Configuration Wizard see 5 3 Configuration Wizard...

Страница 72: ...sed in two out of three available slots The RAID is configured using a wizard available via the IDENTIKEY Appliance Configuration Tool whenever an action is required For more information about the RAI...

Страница 73: ...e stopped by the IDENTIKEY Appliance The disk needs to be physically removed from the respective slot in the IDENTIKEY Appliance AG 7XXX and a new disk needs to be physically inserted Afterwards the w...

Страница 74: ...ge b Replace the hard disk physically The wizard returns to the RAID Maintenance Status and Actions page and offers the Add action c Select Add for the replacement disk to be added to the RAID configu...

Страница 75: ...eNet HSMs In order to set up SafeNet HSMs to work with IDENTIKEY Appliance you need to set up the following components Software The following software must be installed on the HSM n Version 2 07 or hi...

Страница 76: ...ign an unsigned VACMAN Controller functionality module with your own self signed certificate you need the mkfm tool which is included in the Protect Processing Orange Software Development Kit v3 00 Pr...

Страница 77: ...CertificateName jaal2sdk fm Warning Storage and sensitive data keys cannot be created in the admin slot The VACMAN Controller VASCO SafeNet HSM packages will contain a signed version of the VACMAN Co...

Страница 78: ...use n encrypt enabled n wrap and unwrap enabled n private optional n All other options disabled 13 2 4 Creating SafeNet Sensitive Data Keys After installing a SafeNet Hardware Security Module and crea...

Страница 79: ...n Manual Section Trust Management and Section Token Replication The ProtectToolkit C Administration Manual is included in your SafeNet HSM documentation suite and is typically named ptk_c_administrati...

Страница 80: ...ter verification 13 3 1 Secure Auditing with SafeNet The ctcert tool provided with SafeNet software is used to apply the required configuration to the HSM for Secure Auditing Refer to the ProtectToolk...

Страница 81: ...key n Csecp256r1 means to create the key using this type of elliptic curve n 1825d creates a certificate which has a validity period of 1825 days from the date this com mand is run n MasterAuditKey w...

Страница 82: ...fies the slot where the certificate is located n audit_cert pem is the PEM file that will contain the public certificate Note Secure Auditing for IDENTIKEY Appliance only supports elliptic curve keys...

Страница 83: ...Allowing Remote Support Connections If necessary VASCO experts can access your IDENTIKEY Appliance remotely to solve problems Remote support requires a connection between the VASCO Customer Portal an...

Страница 84: ...pport certificates you have previously imported using the Cer tificate Management tab For more information refer to the IDENTIKEY Appliance Administrator Guide Sec tion Certificate Management Image 45...

Страница 85: ...be enabled without installing a support certificate by providing VASCO support VPN access to your network This allows direct access to the IDENTIKEY Appliance Configuration Tool 14 Support IDENTIKEY A...

Страница 86: ...nsigned HSM module 76 SafeNet 75 Secure Auditing 79 SafeNet 80 supported models 75 K keystore 36 L License File 31 licenses upgrading 55 Licensing 12 16 28 30 53 54 70 M Master Audit Keypair 79 80 Mas...

Страница 87: ...installation 77 Storage Data Key SafeNet 78 support certificate 40 activating 40 downloading 40 U unsigned HSM installation 76 upgrading licenses 55 IDENTIKEY Appliance3 11 12 Installation and Mainte...

Отзывы:

Нет отзывов

Похожие инструкции для IDENTIKEY Appliance

UniServer BT716F

Бренд: H3C Страницы: 44

Бренд: Gigabyte Страницы: 115

PRIMERGY CX400 M6

Бренд: Fujitsu Страницы: 209

PRIMERGY CX272 S1

Бренд: Fujitsu Страницы: 234

Primergy CX270 S2

Бренд: Fujitsu Страницы: 320

Primergy CX270 S2

Бренд: Fujitsu Страницы: 56

Express5800/140Hf

Бренд: NEC Страницы: 482

Бренд: Star Lake Страницы: 76

InfiniteStorage 120

Бренд: Silicon Graphics Страницы: 42

Бренд: Optibase Страницы: 156

326m - eServer - 7969

Бренд: IBM Страницы: 82

StorCenter Pro NAS 150d

Бренд: Iomega Страницы: 70

Бренд: Planet Страницы: 2

Бренд: Lantronix Страницы: 71

KEPServerEX OPC

Бренд: HORNER Страницы: 4

Бренд: Oracle Страницы: 72

Бренд: Oracle Страницы: 72

Бренд: Inspur Страницы: 205

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды