1. Fortanix
  2. Fortanix Data Security Manager (DSM)
  3. Integration / Use-case
  4. Certificate Management

Using Fortanix Data Security Manager With AppViewX CLMaaS

Last Updated: 

Introduction

The integration between AppViewX and Fortanix helps enterprises overcome the challenges brought by managing private keys in a complex infrastructure. AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Fortanix Data Security Manager (DSM) ensures the security of the private keys associated with those certificates in the cloud, on-premises or as a hybrid solution.

Integrating Fortanix HSM with AppViewX CLMaaS

Prerequisites

  • The avx_platform_hsm plugin should be up and running in the AppViewX cluster.

    If not, follow the steps given below to enable this plugin.

Integration Procedure

The following are the steps to integrate Fortanix DSM with AppViewX:

  1. Make sure AppViewX cloud connector is installed in your network. Communication from AppViewX to Fortanix HSM will be routed through this cloud connector.
  2. Log in to the AppViewX UI using valid credentials. By default, the Dashboard is displayed.
  3. From the top-right corner of the Dashboard, click DeviceIcon.png.
  4. From the menu displayed, select Inventory > Device.
    AppViewX-Device.png
    Figure 1: AppViewX Dashboard
    The Device :: ADC page is displayed.
  5. Under the HSM tab, from the navigation pane on the left, select Fortanix. AppViewX-HSMDevice.png Figure 2: Fortanix HSM device
  6. In the General Information section, enter/select the following details:
    • Name*: Enter a name for this integration.
    • Description: Enter a description for the integration.
    • Implementation type: Select the implementation type.
    • Data center*: From the dropdown list, from the list of applicable values, select the required data center.
      NOTE
      The data center selected here is used to map the AppViewX Cloud Connector for this integration.
  7. In the Vendor specific details section, enter/select the following details:
    • API Key*: Unique identification number of the slot in the HSM Luna client that will be used to communicate with the end HSM device.
    • Key handler name*: A reference name to create a Master Encryption key in HSM. This enables us to pick the right MEK for crypto operations over KEK.
    • So file location*: The SO file is used to facilitate the communication between the HSM and AppViewX.
      To upload the .so file:
      1. Click Browse.
      2. Navigate to the location of the .so file.
      3. Select the .so file and click Open.
    • Config file location: The Config file is used to facilitate the communication between the HSM and AppViewX.
      To upload the .conf file:
      1. Click Browse.
      2. Navigate to the location of the .conf file.
      3. Select the .conf file and click Open.
  8. Click Save.
  9. Scroll to the end of this page to view the table that will be populated with all the details of this HSM.
    If the HSM has been configured correctly, the Status for the HSM will be set to Available (after checking the encryption and decryption logic).
    If the Status is Not Available:
    • Check the installation path for the HSM.
    • Ensure that all required permissions have been enabled.
  10. If the implementation type is CSR Generation, to generate the CSR, follow the steps given here:

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful