Workflow
The high-level workflow in CCC is outlined below and illustrated in the following figure.
- Activate CCC to enable authenticated communications with the device HSMs. Activation is required to enable user management, device authorization, service creation, and reporting. See Server Administration.
- Create user organizations and add users to the organizations. All application Owner users must belong to an organization. See Account Management.
- Add devices and optionally group them into device pools. See Device Management.
- Authorize CCC to log in to the devices as the HSM security officer (SO).
- Import any partitions or partition HA groups that are already configured on the appliance, but that do not exist as services in CCC. You can perform this function at any time.
- Create service templates to define the characteristics of the new services you want to create. All new services must be based on a template. See Service Management.
- Create new services and assign them to an organization.
- Initialize the new services. A new service can be initialized by the CCC Administrator or Application Owner.
- Download the CCC client to the Thales Luna Network HSM client workstation you want to deploy the service on. The CCC client is available for download from CCC by Administrator or Application Owner users. See Downloading and Installing CCC Client.
- As an Application Owner that belongs to the organization that owns a new service, deploy the new service by running the CCC client on the Thales Luna Network HSM client workstation you want to deploy the new service on.
- Begin using the new service with your cryptographic applications.
User Account Management
CCC Administrators can perform user account management tasks in activated mode only. The main steps are as follows:
- Log in to CCC as the default Admin user.
- Change the default password, if this is the first login.
- Create additional Administrator users, if desired. Administrator users do not belong to an organization.
- Create the organizations that will own the services you create.
- Add user accounts for Application Owner users and assign them to an organization.
Application Owner users can only be moved to a new organization by deleting them from their current organization and then adding them to a new organization.
Device Management
CCC Administrators can perform device management tasks in activated mode only. The main steps are as follows:
- Add the devices you want to manage. To add a device, you must specify the device address and admin login credentials. When you add a device, its capabilities are retrieved from the device and stored in the database. If the device capabilities change, you can query the device to update the capabilities stored in CCC.
- To help organize the devices, you can optionally create device pools that can contain multiple devices.
- Place the devices into device pools, if desired.
- Authorize the devices.
Service Management
CCC Administrators can perform service management tasks in activated mode only. The main steps are as follows:
- Import any partitions or partition HA groups that are already configured on the appliance, but that do not exist as services in CCC. You can perform this function at any time.
- Create service templates for each type of new service you wish to create.
- Create new services and assign them to an organization.
- Initialize the new service (Administrator or Application Owner user).
- Generate, view, print, or export reports that provide detailed information for all of your provisioned services.
Service Deployment
Application Owners can deploy services created for their organization in activated mode only. The main steps are as follows:
- Log on to CCC and initialize the service you want to deploy. Services can be initialized by the Administrator or Application Owner.
- Download the CCC client to the Thales Luna Network HSM client workstation that will host the service.
- Run the CCC client to select and deploy the service.
- Begin using the service with your cryptographic applications.
- Release the service when it is no longer required. The resources used to provide the service become available to CCC for creating new services.