Estate management using the KeySafe 5 WebUI
The following tables provide a quick reference guide to some of the tasks you can perform in KeySafe 5 and how you access the relevant areas of the KeySafe 5 WebUI. These tables are not exhaustive.
HSM management
| Action | Instructions |
|---|---|
View HSM information |
Hardware Management (toolbar) > HSMs |
Add and manage features |
Hardware Management (toolbar) > HSMs > Features (tab) |
Delete slot tokens |
Hardware Management (toolbar) > HSMs > Slots (tab) |
Change mode |
Hardware Management (toolbar) > HSMs > Basic Information (tab) |
Clear HSM |
Hardware Management (toolbar) > HSMs > Clear HSM |
Remove HSM record from estate |
Hardware Management (toolbar) > HSMs > Remove HSM |
Host machine management
| Action | Instructions |
|---|---|
View host machine information |
Hardware Management (toolbar) > Hosts |
Allocate host machine to pool |
Hardware Management (toolbar) > Hosts > Move |
Remove host machine from KeySafe 5 |
Hardware Management (toolbar) > Hosts > Delete |
HSM pools
An HSM Pool is a collection of HSMs that are managed together. Currently, each HSM pool represents one or more host machines.
| Action | Instructions |
|---|---|
View HSM pool information |
Hardware Management (toolbar) > Pools |
Create HSM pool |
Hardware Management (toolbar) > Pools (tab) > Create New Pool |
Allocate HSM pool to Security World |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Pools (tab) > Allocate New Pool |
Remove HSM pool from Security World |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Pools (tab) > De-Allocate Security World |
Edit HSM pool name |
Hardware Management (toolbar) > Pools (tab) > Edit Name |
Delete HSM pool |
Hardware Management (toolbar) > Pools (tab) > Delete |
Feature certificates
| Action | Instructions |
|---|---|
View feature certificate information |
Hardware Management (toolbar) > Feature Certificates |
Upload feature certificate |
Hardware Management (toolbar) > Feature Certificates > Upload |
Security Worlds
| Action | Instructions |
|---|---|
View Security World information |
Security Worlds (toolbar) > Security Worlds > [Security World name] |
Create Security World |
Security Worlds (toolbar) > Security Worlds > Create New World Authorize any outstanding operations that were raised, see Outstanding operations. |
Edit Security World name |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Edit Name |
Download Security World settings |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Download Ensure the Security World is not in use before doing this. You can use the downloaded files to configure Security Worlds outside of KeySafe 5 by copying them into the |
Delete Security World |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Delete Ensure the Security World is not in use before doing this. |
Cards and card sets
| Action | Instructions | ||
|---|---|---|---|
Replace Administrator Card Set (ACS) |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Basic (tab) > Settings > Replace Admin Card Set You need access to the required number of cards to give permission for the operation and you must have enough blank cards to be used in the new card set. These cards can be new or deleted cards. |
||
Create Operator Card Set (OCS) |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Cards (tab) > Create Authorize any outstanding operations that were raised, see Outstanding operations. |
||
Download OCS |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Cards (tab) > [Card Set name] > Settings > Download Card Set The card set file downloads as a |
||
Change card set passphrase |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Cards (tab) > [Card Set name] > Settings > Change Passphrase Authorize any outstanding operations that were raised, see Outstanding operations. |
||
Delete card set |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Cards (tab) > [Card Set name] > Settings > Delete Card Set You can only delete card sets that are not in use. Deleting a card set using KeySafe 5 deletes all child resources from the KeySafe 5 database. For example, if you are using nShield Web Services, key groups and keys are deleted. This operation does not format the cards.
|
||
Create softcard |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Softcard (tab) > Create Authorize any outstanding operations that were raised, see Outstanding operations. |
||
Download softcard |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Softcard (tab) > [Softcard name] > Settings > Download Softcard The Softcard file downloads as a |
||
Change softcard passphrase |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Softcard (tab) > [Softcard name] > Settings > Change Passphrase |
||
Delete softcard |
Security Worlds (toolbar) > Security Worlds > [Security World name] > Softcard (tab) > [Softcard name] > Settings > Delete Softcard Deleting a softcard set in KeySafe 5 deletes all child resources from the KeySafe 5 database. For example, if you are using nShield Web Services, key groups and keys are deleted. You can also delete a softcard from a specific slot.
|
Outstanding operations
When a requested task requires authentication, an operation is created. For example, if a card insertion is required for the task, an authentication operation is created. Any operations that have yet to be completed are collectively referred to as outstanding operations.
View outstanding operations
| Action | Instructions |
|---|---|
View outstanding operations for a specific Security World |
Security Worlds (toolbar) > Security Worlds > <Security World Name> > Operations (tab) |
View Security Worlds with outstanding operations |
Security Worlds (toolbar) > Outstanding Operations Select a Security World to display the outstanding operations. |
Approve outstanding operations
You need the relevant physical ACS/OCS cards or virtual softcards and the passphrase to approve outstanding operations. If multiple card authorizations are required, repeat the procedure for each card.
To approve an outstanding operation:
-
Navigate to the outstanding operation, see View outstanding operations.
-
Select Authorize to launch the approval wizard.
-
Follow the instructions as directed.
Reject outstanding operations
To reject an outstanding operation:
-
Navigate to the outstanding operation, see View outstanding operations.
-
Select Reject.