Versasec vSEC:CMS
This document provides information about configuring the Futurex Vectera Plus HSM with vSEC:CMS using Futurex PKCS #11 libraries. For additional questions related to your HSM, see the relevant user guide.
From the Versasec documentation website: "vSEC:CMS S-Series (vSEC:CMS) is an innovative, easily integrated and cost effective Credential Management System (CMS) that will help you deploy and manage credentials within your organization.
The vSEC:CMS is fully functional with minidriver-enabled credentials such as smart cards, and it streamlines all aspects of managing credentials by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers... the list goes on. With vSEC:CMS organizations can issue badges to employees, personalize the badges with authentication credentials and manage the lifecycle of the badges - directly from the off-the-shelf product."
vSEC:CMS is separated into four main components:
- A MS Windows service, named vSEC:CMS Service (1) in the architecture drawing above, which manages the vSEC:CMS database in addition to operator account management for those operators who have access to vSEC:CMS. This service runs as a MS Windows service and will be installed by default to run under the MS Windows SYSTEM account;
- A MS Windows service, named vSEC:CMS SOAP/gRPC Service (11) in the architecture drawing above, which communicates with the vSEC:CMS Service and is the SOAP/gRPC service for the vSEC:CMS Agent (2) or vSEC:CMS Admin (3) and the vSEC:CMS User Self-Service Console (12);
- The vSEC:CMS Agent (2) or vSEC:CMS Admin (3), which is run by each operator in the user's context;
- The vSEC:CMS User (12) which is run on an end user's workstation from where credential users can perform self-service credential operations with conventional smart cards (8) or virtual smart cards (14).
An HSM can be used to store the master key(s) that vSEC:CMS uses for administration key operations, such as registering a smart card token or unblocking a PIN. vSEC:CMS communicates with the HSM through the PKCS #11 API. All management of the master key stored on the HSM should be performed with the key management tools available from the HSM vendor.
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems
Please see the applicable guide in the Futurex Portal, which covers how to use the Guardian Series 3 to configure HSMs for PKCS #11 integrations.