
Remote Management

The environment configuration options are grouped into tabs:

  1. Remote HSM management
  2. Network settings
  3. Information about HSM
  4. Open HTTP Console

The other options are direct actions:

  1. Start screen
  2. Exit

Remote HSM management

This option lets you perform some operations on the HSM (CD, XP and ST models) that would normally only be possible from the local console, because they involve authenticating to the HSM with smart cards.

For the Pocket model, this is the only option available for managing the device, as there is no local console for this model. With Pocket, an activation password is used, not smart cards.

This option is only available for the Windows operating system.

Connectivity between the station and the HSM is via TCP port 4433. Only one physical management connection at a time is allowed to the HSM.

On the HSM side, its local console needs to be set to Remote Management. See the topic Remote Management.

The HSM client software must be installed using the Full option, which includes the drivers needed to interface with the local USB smart card reader. See the Windows topic for installation details.

The USB reader is not supplied with the HSM.

USB smart card readers approved for use with Dinamo Networks software:

  1. Gemalto/Thales IDBridge CT30 universal reader.

    Gemalto/Thales IDBridge CT30

The smart cards used to authenticate to the HSM do not need to be used at the same station. Each custodian can authenticate their smart card from a different location. All that is required is some coordination between the custodians, as only one console at a time can be connected to the HSM.

Warning

It is important to note that only the custodian who completes the M of N authentication process gains administrative access to the HSM. For more details on the M of N scheme, see the Server Master Key topic.

Start remote authentication screen

Each custodian must insert the smart card into the reader and, when prompted, enter the PIN.

Message for _smart card_ insertion

Message for entering the _smart card_ PIN

Upon successful completion of the authentication process, each intermediary custodian will receive the confirmation message shown in the image below.

Intermediary custodian

The last custodian will have administrative access to the HSM. On successful completion of authentication, they will receive the message shown in the image below.

Final Custodian

Once authentication is complete, the following HSM management operations will be available:

  1. Stop service
  2. Restart
  3. Switch off
  4. Unlock master user
  5. Online synchronization (Database live sync)
  6. Return to factory mode
  7. Changing the operating mode

Exiting the program or returning to the Start Screen interrupts the authenticated session with the HSM.

The maximum authentication interval between custodians is 02 minutes; after this time the process is automatically reset.

Remote operation on the device
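
The authentication flow described above, modelled as a small state machine for planning a custodian ceremony. This is an added example, not Dinamo's code: the class and function names, the quorum of M = 3, the rule that a card counts once per round, and the timeline are assumptions. The 2-minute interval, the reset, and administrative access going only to the final custodian come from the text.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_GAP_SECONDS = 120  # from the page: at most 2 minutes between custodians


@dataclass
class RemoteAuthModel:
    """Toy model of the remote M of N flow; not Dinamo's implementation."""
    m_required: int                                  # quorum size M (assumed value)
    cards: List[str] = field(default_factory=list)   # custodians accepted so far
    last_auth: Optional[float] = None                # time of the last accepted card
    admin: Optional[str] = None                      # custodian holding admin access

    def authenticate(self, custodian: str, now: float) -> str:
        """Record one successful card + PIN authentication at time `now` (seconds)."""
        if self.admin is not None:
            return "session-active"  # an authenticated session is already open
        if self.last_auth is not None and now - self.last_auth > MAX_GAP_SECONDS:
            self.cards.clear()       # interval exceeded: process resets, start over
        if custodian in self.cards:
            return "duplicate"       # assumption: a card counts once per round
        self.cards.append(custodian)
        self.last_auth = now
        if len(self.cards) < self.m_required:
            return "intermediary"
        self.admin = custodian       # only the custodian who completes M of N
        return "final"

    def leave(self) -> None:
        """Exiting or returning to the Start screen ends the session."""
        self.cards.clear()
        self.last_auth = None
        self.admin = None


def run_ceremony(m_required: int, events):
    """Replay (custodian, time) pairs; return per-step outcomes and the admin."""
    model = RemoteAuthModel(m_required)
    outcomes = [model.authenticate(name, t) for name, t in events]
    return outcomes, model.admin


# Constructed timeline for M = 3: carol arrives 140 s after bob, so the round resets.
SAMPLE = [("alice", 0), ("bob", 90), ("carol", 230), ("alice", 260), ("bob", 300)]

if __name__ == "__main__":
    print(run_ceremony(3, SAMPLE))
```

In the sample timeline the late third card restarts the count, so alice and bob must authenticate again and bob, not carol, ends up with administrative access.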

Network settings

This option displays some information about the HSM's network configuration.

In the case of the CD, XP and ST models, the information is read-only. No authentication is required for viewing.

For the Pocket model, the information can be edited and this is the only option available for managing the device's network. The parameters will only be available for editing once the device has been authenticated with the activation password using the Remote HSM Management option.

Network configuration screen on XP

Information about HSM

This option displays some (non-editable) status information about the HSM. No authentication is required to view it.

HSM info screen

Open HTTP Console

The Open HTTP console button opens a new window (default browser) with the initial login screen of the HSM HTTP console. For more details on the console, see the HTTP Console topic.

HSM HTTP console