Remote Management
The environment configuration options are grouped into tabs:
The other options are direct actions:
- Start screen
- Exit
After connecting to the HSM, the console will display the following information at the top right:
- Service status
- Model
- Serial number
- Firmware version
- IP address
- Operating mode
Remote HSM management
This option also allows you to perform some operations on the HSM (CD, XP and ST models) that would normally only be possible from the local console, because they require authenticating to the HSM with smart cards.
For the Pocket model, this is the only option available for managing the device, as there is no local console for this model. With Pocket an activation password is used, not smart cards.
This option is only available for the Windows operating system.
Connectivity between the station and the HSM is via TCP port 4433. Only one physical management connection at a time is allowed to the HSM.
On the HSM side, your local console must be set to Remote Management. See the topic Remote Management.
The HSM client software must be installed using the Full option, which includes the drivers needed to interface with the local USB smart card reader. See the Windows topic for installation details.
The USB reader is not supplied with the HSM.
USB smart card readers certified with Dinamo Networks software:
The smart cards used to authenticate to the HSM do not need to be used at the same station. Each custodian can authenticate their smart card from a different location; all that is required is some coordination between the custodians, as only one console at a time can be connected to the HSM.
Warning
It is important to note that only the custodian who completes the M of N authentication process gains administrative access to the HSM. For more details on the M of N scheme, see the Server Master Key topic.
Each custodian must insert the smart card into the reader and, when prompted, enter the PIN.
Upon successful completion of the authentication process, each intermediary custodian will receive the confirmation message shown in the image below.
The last custodian will have administrative access to the HSM. On successful completion of authentication you will receive the message shown in the image below.
Attention
Only the final custodian will have remote operation of the HSM.
Once authentication is complete, the following HSM management operations will be available:
- Stop service
- Restart
- Switch off
- Unlock user master
- Online synchronization (Database live sync)
- Return to factory mode
- Changing the operating mode
Exiting the program or returning to the Start Screen interrupts the authenticated session with the HSM.
The maximum authentication interval between custodians is 02 minutes; after this time the process is automatically reset.
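The M of N flow and the 2-minute window described above can be modelled as a small state machine, which is useful when planning a custodian ceremony across several stations. This is an added illustration, not Dinamo code: the class and function names, the handling of a repeated card, the treatment of exactly 120 seconds as still in time, and the rule that a late custodian starts a new round are all assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MAX_GAP_SECONDS = 120  # "maximum authentication interval between custodians" (02 minutes)


@dataclass
class QuorumSession:
    m: int                                    # custodians required (the M in M of N)
    seen: List[str] = field(default_factory=list)
    last_ts: Optional[float] = None
    admin: Optional[str] = None               # custodian holding the admin session

    def present(self, custodian: str, ts: float) -> str:
        """Record a successful card + PIN authentication at time ts (seconds)."""
        if self.admin is not None:
            return "session-active"           # assumption: quorum already completed
        if self.last_ts is not None and ts - self.last_ts > MAX_GAP_SECONDS:
            self.seen.clear()                 # interval exceeded: process is reset
        if custodian in self.seen:
            return "duplicate"                # assumption: one card counts once per round
        self.seen.append(custodian)
        self.last_ts = ts
        if len(self.seen) == self.m:
            self.admin = custodian            # only the final custodian gets admin access
            return "admin"
        return "confirmed"                    # intermediary custodian confirmation

    def disconnect(self) -> None:
        """Exiting or returning to the Start Screen interrupts the session."""
        self.seen.clear()
        self.last_ts = None
        self.admin = None


def run_ceremony(m: int, events: List[Tuple[str, float]]):
    """Replay (custodian, timestamp) events; return per-event outcomes and admin holder."""
    session = QuorumSession(m)
    outcomes = [(who, session.present(who, ts)) for who, ts in events]
    return outcomes, session.admin


# Constructed sample: carol arrives 160 s after bob, so the round restarts with her
# and alice and bob must authenticate again before the quorum of 3 completes.
SAMPLE_EVENTS = [("alice", 0), ("bob", 90), ("carol", 250), ("alice", 260), ("bob", 300)]

if __name__ == "__main__":
    for who, outcome in run_ceremony(3, SAMPLE_EVENTS)[0]:
        print(f"{who:6s} -> {outcome}")
```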
Network settings
This option displays some information about the HSM's network configuration.
In the case of the CD, XP and ST models, the information is read-only. No authentication is required for viewing.
For the Pocket model, the information can be edited and this is the only option available for managing the device's network. The parameters will only be available for editing once the device has been authenticated with the activation password using the Remote HSM Management option.
Information about HSM
This option displays some (non-editable) status information about the HSM. No authentication is required to view it.
Open Console HTTP
The Open HTTP console button opens a new window (default browser) with the initial login screen of the HSM HTTP console. For more details on the console, see the HTTP Console topic.