Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

Before you start, ensure your environment conforms to the following specifications:

Supported hardware:

  • Vectera Plus, 7.2.x.x or later.
  • Guardian Series 3, 6.3.6.x or later.
If you have not already set up the Guardian Series 3 (such as configuring the network, loading major keys, and so on), refer to the relevant administrator guide for instructions on setting up a new Guardian device.

Preconditions for configuring a Futurex device group with the Guardian Series 3

To connect client Futurex HSMs for management by the Guardian Series 3, make sure to meet the following preconditions for all involved HSMs.
The following sections use Futurex certificates, preloaded on every unit, to connect the Guardian Series 3 to HSMs. There is a private key and associated signed certificate, which is signed under a Futurex TLS CA tree. In conjunction with a client certificate signed under the same CA, you can use these certificates for secure communications with one of our units without needing to generate and manage certificates on a customer-managed CA.

Preconditions for client Futurex HSMs

Keep the following considerations in mind:
  1. Ensure your HSM is network-attached with a configured IP address and an Ethernet cable plugged into a local area network.
  2. You must load a major key onto the HSM when using user certificates. This precondition does not apply when using Futurex certificates.
  3. If using Transport Layer Security (TLS) between the HSM and the Guardian Series 3, you must enable the proper TLS settings on the HSM. When establishing a mutually authenticated connection, ensure these settings match on the Guardian. If they do not match, selecting this connection type fails to add the device to the group.
  4. The HSM must be signed using the same root certificate as the Guardian Series 3. This happens automatically when using Futurex certificates.
  5. The HSM must have the same date and time settings as the Guardian Series 3 and other units in the device group. The date and time settings automatically sync when you sign in to the device group on the Guardian, so you don’t need extra user configuration.
  6. All HSMs in the device group must be the same model, firmware version, and feature set.

Preconditions for Guardian Series 3

To add a client Futurex HSM to a device group, meet the following preconditions:
  1. The Guardian Series 3 must be network-attached, configured with a configured IP address, and plugged into a local area network with an Ethernet cable.
  2. You must load a major key onto the Guardian Series 3 when using user certificates. This precondition does not apply when using Futurex certificates.
  3. If using Transport Layer Security (TLS) between the Guardian Series 3 and HSM, you must enable the proper TLS settings on the Guardian. When establishing a mutually authenticated connection, ensure these settings match on all the client HSMs. If they do not match, selecting this connection type fails to add the device to the group.
  4. The Guardian Series 3 must be signed using the same root certificate as the client HSM devices. This happens automatically when using Futurex certificates.
  5. The Guardian Series 3 must have the same date and time settings as all HSMs in the device group. The date and time settings automatically sync when you sign in to the Device Group on the Guardian, so you don’t need extra user configuration.
  6. You must enable the Guardian-required Host API commands.