Set major keys
Refer to the Excrypt Touch User Guide for instructions on how to load major keys on the Excrypt Touch.Create a KMES connection profile
Perform the following steps to create a KMES connection profile:From the Excrypt Touch Dashboard, select the Add Device button represented by the plus sign (+) located underneath your active servers and to the left.
In the Add Device window, enter the following required information:
| Configuration setting | Description |
|---|---|
| Name | An appropriate device name. |
| Host | The host IP address of your device |
| Description | Optional field to describe your device |
| Port | An example port is port 5000, which is the default port for Futurex devices. The port number must match the port number in the TLS settings for the device you are connecting to. |
| Enabled | Select Enabled from the drop-down menu. After the device connects, you can also choose Disable, Require Dual-Control, Require Login, and Run on Boot. |
| Device Type | Select the type of Futurex device you are connecting to from the drop-down menu. In this example, choose KMES Series 3 Enterprise. |
| Connection Type | If connecting to a Futurex device, choose Application and choose Futurex Web when connecting to a web service. |
| TLS PKI | Select the connection method from the following list:
|
| PKI Type | If using Futurex certificates, select RSA or ECC. |
| TLS Ciphers/ TLS Protocols | Choose the desired TLS Ciphers and TLS Protocols. |
Select [ Submit ].
Your newly added device profile displays under the list of devices and services in the Excrypt Touch Dashboard.
Make the following changes to the device now displayed in the connected devices in the Offline column:
- Select Modify if you’d like to edit the device profile.
- Select Test to verify the connectivity of the device (must have a valid IP address).
- Choose Ping to send a packet test to the device.
- Choose Retry to re-run the test.
Create a printer profile
Perform the following steps to create a printer profile:From the Excrypt Touch Dashboard, select the Add Device button represented by the plus sign located underneath your active servers to the left.
Enter all of the required information in the Add Device window:
| Configuration setting | Description |
|---|---|
| Name | An appropriate device name. |
| Host | The host IP of your device |
| Description | Optional field to describe your device |
| Port | The value specified in this field needs to be either port 80 or 443 because the Excrypt Touch connects to a web server that runs on the printer. |
| Enabled | Select Require Login from the drop-down menu. |
| Device Type | Select Encrypted File Printing from the drop-down menu. |
| Connection Type | Because this profile is for connecting to a web service on the printer, select External Web from the drop-down menu. |
| TLS PKI | Select the method used to connect. The options include the following:
|
| PKI Type | If using Futurex certificates, select RSA or ECC. |
| TLS Ciphers/ TLS Protocols | Choose the desired TLS Ciphers and TLS Protocols. |
Select [ Submit ].
Your newly added device profile displays under the list of devices and services in the Excrypt Touch Dashboard.
Make the following changes to the device now displayed in the connected devices in the Offline column:
- Select Modify if you’d like to edit the device profile.
- Select Test to verify the connectivity of the device (must have a valid IP address).
- Choose Ping to send a packet test to the device.
- Choose Retry to re-run the test.
Start the KMES profile and log in
Use the Excrypt Touch to remotely connect to your KMES and make the following additional configuration changes:To start the KMES Series 3 Connection Profile, touch the arrow next to the device profile.
The device comes online and shows in the online column.
When the device is online, you can access the application manager for that device and communicate with the device as needed. Select [ Go ] in the right column to access the connected device.
Create a user role
Perform the following steps to create a user role:On the Info tab of the Role Editor window, configure the following settings:
| Setting | Required configuration |
|---|---|
| Type | Administration |
| Name | Printers |
| Hardened | Select the checkbox to enable |
| Logins Required | Set to 2 |
Go to the Permissions tab and enable the following permissions:
| Permission | Subpermissions to enable |
|---|---|
| Device | Enable the following subpermissions:
|
| Excrypt Touch | Enable all subpermissions |
| File Encryption | Enable all subpermissions |
| File Encryption Management | Enable all subpermissions |
| Identity | Enable all subpermissions |
| High-level Keys | Enable |
| Keys | Enable the following subpermissions:
|
| Major Keys | Enable the following subpermissions:
|
| High-level Role | Enable all subpermissions |
| Security | Enable the following subpermissions:
|
Create new identities
Perform the following steps to create new identities:On the Info tab of the Role Editor dialog, configure the following settings:
| Setting | Required configuration |
|---|---|
| Type | Administration |
| Name | print1 |
| Hardened | Select the checkbox to enable. |
| Locked | Leave unchecked. |
On the Info tab of the Role Editor dialog, replicate the settings from step 2, but set print2 in the Name field this time.
Synchronize users between the KMES and Excrypt Touch
When prompted to log in to the local HSM of the Excrypt Touch, log in with the default admin identities.
After logging successfully, a message box informs you that tablet users have been synced successfully.