Setup of MIRkey / eHSM devices to use with WebADM 1. Introduction This guide will lead you through the setup of one or preferably several (for load-balancing and fail-over purposes) eHSM / MIRkey to use hardware cryptography within WebADM, adding an extra layer of security to protect WebADM sensitive data. MIRKey HSMs required at least WebADM 2.0.17.
2. Download and install the ellipticSecure Device Manager Although it is possible to initialize and setup the eHSM or MIRkey using standard command-line pkcs11 tools, we recommend to use the ellipticSecure Device Manager GUI that allows the update of the firmware and to setup a backup domain allowing backups from one device to be restored to a different device, which is particulary useful for load-balancing across several HSMs and for disaster recovery purposes.
Setup of SmartCard-HSM devices to use with WebADM 1. Introduction This guide will lead you through the setup of one or preferably several (for load-balancing and fail-over purposes) SmartCard-HSM to use hardware cryptography within WebADM, adding an extra layer of security to protect WebADM sensitives informations.
All steps of the initialization, configuration and replication of the devices can be performed directly with standard command line tools directly on the server where WebADM is installed, except for the generation of an AES secret key that will be, as we write these lines, only exportable to another device if it has been generated properly through the Smart Card Shell GUI.
1. Product Documentation This document describes how to configure correctly the Yubico YubiHSM and enable it through the WebADM setting, in order to provide both hardware level encryption and random seed generation (the strongest Enterprise security available) in your RCDevs product. WebADM only needs a subset of commands to work with the YubiHSM and the reader should notice that this document is not a guide describing all possible modes of operation provided by the device itself.