Configure an HSM with the BeyondInsight configuration tool

Ready for configuration

The following must be completed before configuring the HSM in BeyondInsight:

  • The HSM has been installed and configured.

  • The nShield client software has been installed and connected to the HSM.

  • The Security World file has been created.

  • A Softcard has been created using the nShield client software.

  • BeyondInsight has been installed.

  • Ensure the OCS card is inserted into the HSM to enable softcard protection.

Add an HSM credential to BeyondInsight

  1. Sign in to the BeyondInsight server that is configured to access the HSM.

  2. Open the BeyondInsight Configuration tool: Start > Apps > eEye Digital Security > BeyondInsight Configuration.

    btconfigurationtool.1

  3. Select Configure HSM Credentials.

    btconfigurehsmcredentials.2

    The Configure HSM credentials dialog appears.

  4. Select Edit > Add New HSM Credential.

    • If using softcard protection, ensure the OCS card is inserted into the HSM.

  5. Enter HSM details as defined below:

    The nShield HSM PKCS #11 drivers are in the C:\Program Files\nCipher\nfast\toolkits\pkcs1 directory.
    32-bit Driver Path

    Select the 32-bit PKCS #11 driver.

    64-bit Driver Path

    Select the 64-bit PKCS #11 driver.

    Label/Slot

    After a valid 32-bit/64-bit drivers have been selected, this is the list of tokens presented by the driver in the format of label (slot number).

    The label is the name of the HSM token. Some HSMs have a default name. Otherwise, it is the name that was set when you configured your HSM.

    The slot number is an index number starting at 0. It indicates the token’s position within the list of tokens presented by the driver.

    Key Name

    HSM keys are identified labels. A unique name must be provided for each key. This is required to associate encrypted credentials with the key that is used to encrypt and decrypt them. Any key name can be used as long as it is unique.

    Description

    Information about the key, for display purposes only.

    PIN

    The password for the HSM token that was set up for use by BeyondInsight.

  6. After inputting the HSM credentials, select Save and Close.

  7. Reopen Configure HSM Credentials.

  8. Initiate a connection test by selecting Test Active Credential. A successful test will display a dialog confirming a successful connection.

  9. Close the Configure HSM Credentials window and Apply the changes in the BeyondInsight Configuration window.