
HSM Roles and Secrets

SafeNet HSM products offer multiple identities, some mandatory, some optional, that you can invoke in different ways to map to roles and functions in your organization. The following topics offer some elements that you might wish to consider before committing to an HSM configuration.

Roles that access the HSM (the cryptographic engine within, or connected to, the host) include:

the 'HSM Administrator' or 'Security Officer' (SO) [Mandatory], responsible for initialization of the HSM, setting and changing of global Policies (based on the HSM's Capabilities), creation and deletion of application partitions

the 'Auditor' [Optional], responsible for managing HSM audit logging, at "arm's length" (independently) from the other roles on the HSM

the 'application partition Security Officer' (SO) [Optional], responsible for creating other roles in the partition, resetting passwords, setting and changing partition-level Policies (based on the HSM's and the partition's Capabilities)

the 'application partition Crypto Officer' [Mandatory], responsible for creating the Crypto User role, and for creating and modifying cryptographic objects in the HSM partition (see Crypto Officer & Crypto User)

the 'application partition Crypto User', responsible for using cryptographic objects (encrypt/decrypt, sign/verify...) in the HSM partition

In addition to the HSM roles listed above, certain other HSM-wide secrets exist for special purposes. Those include:

the cloning domain, which determines whether "cloning" (secure copying of cryptographic objects) is possible between two HSMs; both HSMs must share an identical domain secret. This applies to password-authenticated and to PED-authenticated HSMs. Cloning is used in some forms of backup, as well as in HA.

the Remote PED vector (PED-authenticated HSMs only), which permits establishing a secure path for the HSM to access remotely-located SafeNet PED and PED Keys

the Secure Recovery vector (PED-authenticated HSMs only), which permits controlled recovery from a real tamper incident. It also allows the HSM to be placed in, and securely recovered from, an induced 'tamper' state (Secure Transport Mode), for the most secure possible transport and storage of a SafeNet HSM and its contents.