Using Fortanix Data Security Manager With AppViewX CLMaaS

1.0 Introduction

The integration between appviewX and Fortanix helps enterprises overcome the challenges brought by managing private keys in a complex infrastructure. appviewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Fortanix-Data-Security-Manager (DSM) ensures the security of the private keys associated with those certificates in the cloud, on-premises or as a hybrid solution.

2.0 Prerequisites

• The avx_platform_hsm plugin should be up and running in the appviewX cluster.

  If not, follow the steps given in Section 4.0 Integration Fortanix HSM with appviewX CLMaaS to enable this plugin.

3.0 Configure Fortanix DSM

A Fortanix DSM service must be configured, and the URL must be accessible. To create a Fortanix DSM account and group, refer to the following sections:

3.1 Signing Up

To get started with the Fortanix Data Security Manager (DSM) cloud service, you must register an account at <Your_DSM_Service_URL>. For example, https://eu.smartkey.io.

For detailed steps on how to set up the Fortanix DSM, refer to the User's Guide: Sign Up for Fortanix Data Security Manager SaaS documentation.

3.2 Creating an Account

Access the <Your_DSM_Service_URL> on the web browser and enter your credentials to log in to the Fortanix DSM.

3.3 Creating a Group

Perform the following steps to create a group in the Fortanix DSM:

1. Click the Groups menu item in the DSM left navigation panel and click the + button on the Groups page to add a new group.

   

2. On the Adding new group page, enter the following details:

   • Title: Enter a title for your group.

   • Description (optional): Enter a short description for the group.

3. Click the SAVE button to create the new group.

The new group has been added to the Fortanix DSM successfully.

3.4 Creating an Application

Perform the following steps to create an application (app) in the Fortanix DSM:

1. Click the Apps menu item in the DSM left navigation panel and click the+ button on the Apps page to add a new app.

   

2. On the Adding new app page, enter the following details:

   • App name: Enter the name of your application.

   • ADD DESCRIPTION (optional): Enter a short description for the application.

   • Authentication method: Select the default API Key as the method of authentication from the drop down menu. For more information on these authentication methods, refer to User's Guide: Authentication documentation.

   • Assigning the new app to groups: Select the group created in Section 3.3: Creating a Group from the list.

3. Click the SAVE button to add the new application. 

The new application has been added to the Fortanix DSM successfully.

3.5 Copying the API Key

Perform the following steps to copy the API key from the Fortanix DSM:

1. Click the Apps menu item in the DSM left navigation panel and click the app created in Section 3.4: Creating an Application to go to the detailed view of the app.

2. On the INFO tab, click the VIEW API KEY DETAILS button.

3. From the API Key Details dialog box, copy the API Key of the app to use it later in Vendor specific details in Section 4.0: Integration Fortanix HSM with appviewX CLMaas.

4.0 Integration Fortanix HSM with appviewX CLMaaS

The following are the steps to integrate Fortanix DSM with appviewX:

1. Make sure appviewX cloud connector is installed in your network. Communication from appviewX to Fortanix HSM will be routed through this cloud connector.

2. Log in to the appviewX UI using valid credentials. By default, the Dashboard is displayed.

3. From the top-right corner of the Dashboard, click  .

4. From the menu displayed, select Inventory → Device.

   

   The Device :: ADC page is displayed.

5. Under the HSM tab, from the navigation pane on the left, select Fortanix.  

   

6. In the General Information section, enter/select the following details:

   • Name*: Enter a name for this integration.

   • Description: Enter a description for the integration.

   • Implementation type: Select the implementation type.

   • Data center*: From the dropdown list, from the list of applicable values, select the required data center.

     NOTE

     The data center selected here is used to map the appviewX Cloud Connector for this integration.

7. In the Vendor specific details section, enter/select the following details:

   • API Key*: Fortanix DSM app credentials.

   • Key handler name*: A reference name to create a Master Encryption key in HSM. This enables us to pick the right MEK for crypto operations over KEK.

   • So file location*: The SO file is used to facilitate the communication between the HSM and appviewX.
     To upload the .so file:

     1. Click Browse.

     2. Navigate to the location of the .so file.

     3. Select the .so file and click Open.

   • Config file location: The Config file is used to facilitate the communication between the HSM and appviewX.
     To upload the .conf file:

     1. Click Browse.

     2. Navigate to the location of the .conf file.

     3. Select the .conf file and click Open.

8. Click Save.

9. Scroll to the end of this page to view the table that will be populated with all the details of this HSM.
   If the HSM has been configured correctly, the Status for the HSM will be set to Available (after checking the encryption and decryption logic).
   If the Status is Not Available:

   • Check the installation path for the HSM.

   • Ensure that all required permissions have been enabled.

10. If the implementation type is CSR Generation, to generate the CSR, follow the steps given here:

    • https://adminguide.appviewx.com/server-certificate-enrollment-5

    • https://adminguide.appviewx.com/client-certificate-enrollment-4-2

    • https://adminguide.appviewx.com/code-signing-certificate-enrollment-4-2