Configure Excrypt Touch

this section covers how to configure the excrypt touch and then use the excrypt touch to connect the {{k3}} to the platform and configure additional items related to user roles and identities perform the following tasks after logging in locally to the excrypt touch with the default admin identities set major keys refer to the excrypt touch user guide for instructions on how to load major keys on the excrypt touch you must load the same pmk and bek on the {{k3}} and excrypt touch ensure that the key checksums match create a kmes connection profile perform the following steps to create a {{k}} connection profile from the excrypt touch dashboard , select the add device button represented by the plus sign ( + ) located underneath your active servers and to the left in the add device window, enter the following required information configuration setting description name an appropriate device name host the host ip address of your device description optional field to describe your device port an example port is port 5000 , which is the default port for futurex devices the port number must match the port number in the tls settings for the device you are connecting to enabled select enabled from the drop down menu after the device connects, you can also choose disable , require dual control , require login , and run on boot device type select the type of {{futurex}} device you are connecting to from the drop down menu in this example, choose kmes series 3 enterprise connection type if connecting to a {{futurex}} device, choose application and choose futurex web when connecting to a web service tls pki select the connection method from the following list clear no authentication anonymous anonymous authentication user use user provided pki certificates server authenticate authenticate server only futurex admin use futurex signed certificates to connect for this example, select futurex admin pki type if using {{futurex}} certificates, select rsa or ecc tls ciphers/ tls protocols choose the desired tls ciphers and tls protocols select \[ submit ] your newly added device profile displays under the list of devices and services in the excrypt touch dashboard make the following changes to the device now displayed in the connected devices in the offline column select modify if you'd like to edit the device profile select test to verify the connectivity of the device (must have a valid ip address) choose ping to send a packet test to the device choose retry to re run the test create a printer profile perform the following steps to create a printer profile from the excrypt touch dashboard , select the add device button represented by the plus sign located underneath your active servers to the left enter all of the required information in the add device window configuration setting description name an appropriate device name host the host ip of your device description optional field to describe your device port the value specified in this field needs to be either port 80 or 443 because the excrypt touch connects to a web server that runs on the printer enabled select require login from the drop down menu device type select encrypted file printing from the drop down menu connection type because this profile is for connecting to a web service on the printer, select external web from the drop down menu tls pki select the method used to connect the options include the following clear no authentication anonymous anonymous authentication user use user provided pki certificates server authenticate authenticate server only futurex admin use futurex signed certificates to connect for this example, select futurex admin pki type if using futurex certificates, select rsa or ecc tls ciphers/ tls protocols choose the desired tls ciphers and tls protocols select \[ submit ] your newly added device profile displays under the list of devices and services in the excrypt touch dashboard make the following changes to the device now displayed in the connected devices in the offline column select modify if you'd like to edit the device profile select test to verify the connectivity of the device (must have a valid ip address) choose ping to send a packet test to the device choose retry to re run the test start the {{k}} profile and log in use the excrypt touch to remotely connect to your {{k}} and make the following additional configuration changes to start the {{k3}} connection profile, touch the arrow next to the device profile the device comes online and shows in the online column when the device is online, you can access the application manager for that device and communicate with the device as needed select \[ go ] in the right column to access the connected device after the application manager loads, log in with the default admin identities create a user role perform the following steps to create a user role go to the roles menu, and select \[ add ] on the info tab of the role editor window, configure the following settings setting required configuration type administration name printers hardened select the checkbox to enable logins required set to 2 go to the permissions tab and enable the following permissions permission s ubpermissions to enable device enable the following subpermissions ftp server power control zeroize excrypt touch enable all subpermissions file encryption enable all subpermissions file encryption management enable all subpermissions identity enable all subpermissions high level keys enable keys enable the following subpermissions add delete export import components major keys enable the following subpermissions clear load high level role enable all subpermissions security enable the following subpermissions key settings password settings secure mode tls resign select \[ ok ] to finish creating the new role create new identities perform the following steps to create new identities go to the identities menu, right click the blank whitespace, and select add > user on the info tab of the role editor dialog, configure the following settings setting required configuration type administration name print1 hardened select the checkbox to enable locked leave unchecked on the assigned roles tab, select the printers role that you created in the previous section on the user login tab, set a password for the identity select \[ ok ] to finish creating the first new identity right click the blank whitespace on the identities menu, then select add > user on the info tab of the role editor dialog, replicate the settings from step 2, but set print2 in the name field this time on the assigned roles tab, select the printers role that you created in the previous section on the user login tab, set a password for the identity select \[ ok ] to finish creating the second new identity synchronize users between the kmes and excrypt touch go to the roles menu and select \[ excrypt touch sync ] when prompted to log in to the local hsm of the excrypt touch, log in with the default admin identities after logging successfully, a message box informs you that tablet users have been synced successfully for further confirmation that users and identities synced successfully, log in to the excrypt touch by using the print1 and print2 identities that you created on the {{k}} in the previous section