Credential management
Versasec vSEC:CMS
This document describes using Futurex PKCS #11 libraries to configure the Futurex Vectera HSM with Versasec vSEC:CMS. For additional questions related to your HSM, see the relevant user guide.

Application description

From the Versasec documentation website:

vSEC:CMS is an innovative, easily integrated, and cost-effective credential management system (CMS) designed to help you deploy and manage credentials within your organization. vSEC:CMS is fully functional with minidriver-enabled credentials, such as smart cards, USB tokens, and virtual smart cards, including Windows Hello for Business (WHfB). It streamlines all aspects of credential management by seamlessly connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers, and more. With vSEC:CMS, your organization can issue credentials to employees, personalize them with authentication details, and manage the entire credential life cycle – all directly from this off-the-shelf product.

Architecture

The vSEC:CMS client-server architecture uses both an RPC framework and SOAP with the following protocols:

- gRPC with HTTP/2 or HTTP/2 over TLS
- SOAP with HTTP or HTTPS

However, for simplicity, this guide refers to it as HTTP(S).

Main components of vSEC:CMS

- vSEC:CMS service: This Windows service manages the vSEC:CMS database and operator account management for authorized users. It operates as a Windows service, defaulting to run under the system account.
- vSEC:CMS SOAP/gRPC service: Another Windows service, this component facilitates communication with the vSEC:CMS service. It serves as the SOAP/gRPC service for the vSEC:CMS agent, vSEC:CMS admin, and the vSEC:CMS user application.
- vSEC:CMS agent or vSEC:CMS admin: Each operator uses either of these components, operating within the user's context.
- vSEC:CMS user application: This component is executed on an end user's workstation, enabling self-service credential operations with both conventional smart cards and virtual smart cards.

HSM support in vSEC:CMS

You can use an HSM to store the master keys used for administration key operations with the vSEC:CMS, such as registering a smart card token or PIN unblock operations. The vSEC:CMS interfaces with the HSM through the PKCS #11 protocol. Use the HSM key management tools we provide to manage all management functions around the master key stored on the HSM.

Guardian integration

The Guardian introduces mission-critical viability to core cryptographic infrastructure, including:

- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems

See the applicable guide in the Futurex portal for configuring HSMs with the Guardian, including PKCS #11 and CNG configuration.