Introduction
The integration between AppViewX and Fortanix helps enterprises overcome the challenges brought by managing private keys in a complex infrastructure. AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Fortanix Data Security Manager (DSM) ensures the security of the private keys associated with those certificates in the cloud, on-premises or as a hybrid solution.
Integrating Fortanix HSM with AppViewX CLMaaS
Prerequisites
- The avx_platform_hsm plugin should be up and running in the AppViewX cluster.
If not, follow the steps given below to enable this plugin.
Integration Procedure
The following are the steps to integrate Fortanix DSM with AppViewX:
- Make sure the AppViewX cloud connector is installed in your network. Communication from AppViewX to the Fortanix HSM is routed through this cloud connector.
- Log in to the AppViewX UI using valid credentials. By default, the Dashboard is displayed.
- From the top-right corner of the Dashboard, click
.
- From the menu displayed, select Inventory > Device.
Figure 1: AppViewX Dashboard
The Device :: ADC page is displayed.
- Under the HSM tab, from the navigation pane on the left, select Fortanix.
Figure 2: Fortanix HSM device
- In the General Information section, enter/select the following details:
- Name*: Enter a name for this integration.
- Description: Enter a description for the integration.
- Implementation type: Select the implementation type.
- Data center*: From the dropdown list, select the required data center.
- In the Vendor specific details section, enter/select the following details:
- API Key*: Unique identification number of the slot in the HSM Luna client that will be used to communicate with the end HSM device.
- Key handler name*: A reference name used to create a Master Encryption Key (MEK) in the HSM. This enables us to pick the right MEK for crypto operations over KEK.
- So file location*: The SO file is used to facilitate the communication between the HSM and AppViewX.
To upload the .so file:
- Click Browse.
- Navigate to the location of the .so file.
- Select the .so file and click Open.
- Config file location: The Config file is used to facilitate the communication between the HSM and AppViewX.
To upload the .conf file:
- Click Browse.
- Navigate to the location of the .conf file.
- Select the .conf file and click Open.
- Click Save.
- Scroll to the end of this page to view the table that will be populated with all the details of this HSM.
If the HSM has been configured correctly, the Status for the HSM will be set to Available (after checking the encryption and decryption logic).
If the Status is Not Available:
- Check the installation path for the HSM.
- Ensure that all required permissions have been enabled.
- If the implementation type is CSR Generation, to generate the CSR, follow the steps given here: