
Remote access configuration

Configuring remote access to HSM management

The HSM can be configured for remote management.

Normally, actions such as starting the service, rebooting and synchronizing replication (and others) can only be carried out with physical access to the HSM. With remote management enabled, the administrator can perform these operations from a workstation, using a USB smart card reader and the corresponding smart cards.

The smart card reader approved by DINAMO is the Gemalto/Thales IDBridge CT30 universal reader.

Gemalto/Thales IDBridge CT30


Requirements

  1. Physical access to the HSMs with the smart cards and PIN for each one.
  2. Keyboard and monitor.
  3. A Windows workstation with SSL connectivity via TCP port 3344 to the HSM.
  4. HSM client software installed in Full mode or customized with the Remote access option (see Downloads topic).
  5. Smart card reader.
  6. HSM service started.

Info

Firmware versions prior to 5x do not have the remote access option.

Enabling remote access in HSM

  1. To enable remote access, you must physically go to the HSM and authenticate with the cards.

  2. Once authenticated, choose Configuration and press ENTER.

    Start menu

  3. Then choose Load Remote Management and press ENTER.

    Remote management option on the local console

  4. Remote management is now active, and you can manage the HSM remotely from Windows.

    Remote management enabled

For more details on remote management in HSM, see the topic Remote Management.

Accessing HSM management

  1. To access HSM management, open DINAMOcon and use the Device Management option.

    DINAMOcon home screen

  2. Then choose Remote HSM Management.

    Authentication menu

  3. Click on the Start remote authentication button and insert the card into the reader.

    Inserting a smart card into the reader

  4. Enter the card PIN and click OK.

    Successful authentication

  5. A success message will appear.

    Authentication of the first card

  6. Then you (or the other custodians of the cards) repeat the same procedure for the next cards. Right after the last card, DINAMOcon displays the following message.

    Successful authentication

  7. It is now possible to manage the HSM remotely.

    Remote management menu

For more details on remote access to the HSM, see the topic Remote Management.

Troubleshooting

  • Unable to connect to HSM (error -12), or DINAMOcon crashes while trying to connect when you click on Device management.

    Possible causes:
      - Port 3344 is not allowed on the network.
      - The SSL connection cannot be completed because of network blocking.
      - Remote access is not enabled in the HSM (see Starting Remote Management).

  • The button to start authentication does not appear.

    Solutions:
      - Reinstall the client with the option Complete, or customized with Remote console selected.
      - If reinstallation has already taken place, check that the library libusb-1.0.dll is in C:/Windows/System32.
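
One way to separate the causes listed above from the Windows workstation, as an added PowerShell example (not part of the DINAMO client or its documentation). The host name is a placeholder, and the script assumes the HSM speaks TLS directly on port 3344, as the requirements list implies.

```powershell
# Added diagnostic example, not DINAMO tooling. $HsmHost is a placeholder.
param(
    [string]$HsmHost = 'hsm.example.internal',  # placeholder: your HSM address
    [int]$Port = 3344                           # port named in the requirements
)

# 1. Reader library named in the troubleshooting list. Run from 64-bit
#    PowerShell: a 32-bit host is redirected to SysWOW64 for this path.
$dll = 'C:\Windows\System32\libusb-1.0.dll'
if (Test-Path -LiteralPath $dll) {
    Write-Host "[ok]   $dll present"
} else {
    Write-Host "[fail] $dll missing"
}

# 2. Raw TCP reachability: fails when port 3344 is filtered on the network.
$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $pending = $tcp.BeginConnect($HsmHost, $Port, $null, $null)
    if (-not $pending.AsyncWaitHandle.WaitOne(5000)) { throw 'timed out after 5 s' }
    $tcp.EndConnect($pending)
    Write-Host "[ok]   TCP ${HsmHost}:$Port reachable"
} catch {
    Write-Host "[fail] TCP ${HsmHost}:$Port not reachable: $($_.Exception.Message)"
    $tcp.Close()
    return
}

# 3. TLS handshake over the same socket: fails when a device in the path
#    interferes with the session. The callback accepts any certificate so that
#    only the transport is tested; it is not a trust decision.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($src, $certificate, $chain, $policyErrors) $true
}
$ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
try {
    $ssl.AuthenticateAsClient($HsmHost)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    Write-Host "[ok]   TLS handshake completed ($($ssl.SslProtocol))"
    Write-Host "       Certificate subject: $($cert.Subject)"
    Write-Host "       Thumbprint:          $($cert.Thumbprint)"
} catch {
    Write-Host "[fail] TLS handshake failed: $($_.Exception.Message)"
} finally {
    $ssl.Dispose()
    $tcp.Close()
}
```

The script cannot tell whether remote management has been loaded on the HSM console; that still has to be confirmed on the device. If the handshake succeeds but the certificate shown is not the one you expect from the HSM, something between the workstation and the HSM is terminating the TLS session.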