Using Fortanix Data Security Manager With AppViewX On-Premises


1.0 Introduction

The integration between AppViewX and Fortanix Data Security Manager (DSM) helps enterprises overcome the challenges of managing private keys in a complex infrastructure. AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Fortanix DSM ensures the security of the private keys associated with those certificates in the cloud, on-premises, or as a hybrid solution.

2.0 Prerequisites

Ensure that Fortanix provides the following files for PKCS#11 integration:

  • fortanix_pkcs11.so - The PKCS#11 shared library. This can be downloaded from Fortanix DSM PKCS#11 Client Software.

  • pkcs11.conf - A text configuration file provided with the library that specifies how the PKCS#11 library connects to Fortanix DSM.

    The following is a sample pkcs11.conf file:

    api_endpoint = "<ENDPOINT URL>"  # or "<ENDPOINT IP>"; default is "https://apps.smartkey.io"
    retry_timeout_millis = 60000     # example value, in milliseconds
    [log]
    system = true      # Unix only, logs to syslog
    file = "/path/to/log/file"

3.0 Integrating Fortanix HSM with AppViewX On-Premises

The following are the steps to integrate Fortanix DSM with AppViewX on-premises:

  1. Copy the files fortanix_pkcs11.so and pkcs11.conf to the AppViewX nodes where the avx_vendors plugin is enabled.

  2. Place the fortanix_pkcs11.so file in the /opt/fortanix/pkcs11/ directory.

  3. In the AppViewX nodes where the avx_vendors plugins are enabled, navigate to the AppViewX install and properties directory. Edit the properties file and enter the value for the key FORTANIX_PKCS11_LIBRARY_PATH as follows:

    FORTANIX_PKCS11_LIBRARY_PATH = /opt/fortanix/pkcs11/fortanix_pkcs11.so

  4. Place the pkcs11.conf file in the /etc/fortanix directory.

  5. Once the above-mentioned steps are executed, restart the plugins and the gateway using the following commands:

    avx --restart plugins
    avx --restart gateway

  6. Once the components are up and running, open the AppViewX GUI, log in, and navigate to Inventory → Device → HSM.

    Figure 1: AppViewX GUI

  7. Select Fortanix HSM and click Configure Now or the (+) button, then do the following:

    1. Enter the Name and select the Data center.

    2. Provide the API Key and any user-defined Key handler name.

    3. Click Save.

      Once saved, if the integration is completed successfully, you will see a pop up in the UI with a message indicating that the HSM settings have been saved successfully.
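
A pre-flight check for steps 1 to 4, to run on each node before the restart in step 5. This is an added example, not AppViewX or Fortanix code; the properties file path is site-specific and passed as an argument, and the optional `root-prefix` argument is a hypothetical testing aid.

```shell
#!/bin/sh
# Added example: pre-flight check for steps 1-4 of the procedure above.
# Usage: check_fortanix_pkcs11 <properties-file> [root-prefix]
#   properties-file: AppViewX properties file (site-specific path; assumption)
#   root-prefix:     hypothetical testing aid relocating /opt and /etc; omit on a node
check_fortanix_pkcs11() {
    props=$1
    root=${2:-}
    want=/opt/fortanix/pkcs11/fortanix_pkcs11.so
    rc=0

    for f in "$root$want" "$root/etc/fortanix/pkcs11.conf"; do
        if [ ! -f "$f" ]; then
            echo "FAIL: missing $f"; rc=1
        # Group- or world-writable files let another local account replace the
        # library or redirect the endpoint used for private-key operations.
        elif [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
            echo "FAIL: $f is group- or world-writable"; rc=1
        fi
    done

    # Step 3: the property must point at the library path from step 2.
    val=$(sed -n 's/^[[:space:]]*FORTANIX_PKCS11_LIBRARY_PATH[[:space:]]*=[[:space:]]*//p' \
            "$props" 2>/dev/null | sed 's/[[:space:]]*$//' | tail -n 1)
    if [ "$val" != "$want" ]; then
        echo "FAIL: FORTANIX_PKCS11_LIBRARY_PATH is '$val', expected '$want'"; rc=1
    fi

    # The PKCS#11 library connects to DSM at api_endpoint; flag plaintext http://.
    if grep -Eq '^[[:space:]]*api_endpoint[[:space:]]*=[[:space:]]*"http://' \
            "$root/etc/fortanix/pkcs11.conf" 2>/dev/null; then
        echo "FAIL: api_endpoint uses http://"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: files and property match the documented layout"
    return "$rc"
}

# Run the check when the script is invoked with arguments.
if [ "$#" -gt 0 ]; then
    check_fortanix_pkcs11 "$@"
fi
```

A non-zero exit status means at least one check failed; each failure is printed on its own line.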