vSEC:CMS C-Series - Cloud
vSEC:CMS will change your views on how to manage the lifecycle of authentication tokens. The vSEC:CMS C-Series is an innovative, easily integrated and cost effective Smart Card Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage credentials within your organization.
The vSEC:CMS C-Series is fully functional with minidriver enabled credentials and it streamlines all aspects of a credential card management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers etc. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds. With vSEC:CMS organizations can issue badges to employees, personalize the badges with authentication credentials and manage the lifecycle of the badges - directly from the cloud.
vSEC:CMS C-Series on Azure
vSEC:CMS will change your views on how to manage the lifecycle of smart cards/secure tokens. The vSEC:CMS C-Series on Azure is an innovative, easily integrated and cost effective Credential Management System that will help you deploy and manage credentials within your organization. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds.
vSEC:CMS C-Series on AWS
vSEC:CMS will change your views on how to manage the lifecycle of credentials. The vSEC:CMS C-Series on AWS is an innovative, easily integrated and cost effective Credential Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage credentials within your organization. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds.
The cornerstone of the vSEC:CMS security is that all sensitive data and keys are secured using hardware. Operators of the system are securely authenticated using two-factor authentication and all usage is securely audited for full traceability. The main task of a secure device management system is to connect security devices (such as smart cards) to user identities in enterprise systems (such as user directories) and maintain this connection throughout the lifecycle of the security device. That implies need of communication with several external systems. In vSEC:CMS C-Series, only proven and secure standards for these connectors are used.
We support many different use cases and the configuration options and feature set is vast. But it’s easy to get started. The most common use case is being able to issue a Smart Card with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured you can build from there adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.
Use Case Guide: Windows Smart Card Logon
We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your secure devices. Follow the guide below:
Windows Smart Card Logon Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.
Before beginning this article, it is necessary that you have successfully completed the article Install and Configure vSEC:CMS on First Use.
Follow the instructions in this article to setup and configure the vSEC:CMS such that it will be possible to issue and manage a smart card token to be used for Windows smart card logon.
Note: The PKI used in this example use case will be an MS CA.
Note: The smart card type that will be managed in this use case will be a generic mini-driver smart card token.
Step 1 - Configure Card Template
1. Navigate to Options - Smart Cards page. When the page is loaded attach the smart card token that is to be issued with the vSEC:CMS. The vSEC:CMS will filter the card type and present the smart card template available in the vSEC:CMS.
2. Select the entry and click Edit. For Smart Card Access ensure that Use minidriver if possible is selected and click Save.
3. From Templates - Card Templates click the Add button.
4. Click the Edit link for General.
5. Enter a template name and attach the smart card token that is to be issued and click the Detect button to allow the vSEC:CMS to detect the smart card token type that is to be used for this card template. Click Ok to close the dialog.
6. Allow all other default settings in the General dialog and click Ok to save the settings and close this dialog.
7. Click the Edit link for Issue Card.
8. From User ID Options section enable Assign User ID and select the AD connection already configured.
9. From Enroll Certificate Options section enable Enroll certificate(s) and click the Add button. Select the CA connection already configured from the Certificate Authority drop down list and select the smart card logon certificate template as configured on your CA from the Certificate template list and click Ok to save and close the dialog.
10. Allow all other defaults for the Issue Card dialog and click Ok to save and close.
11. Click Ok to save and close the card template configuration.
Important: It is important that the Windows smart card logon certificate template on the CA is configured to require an authorized signature. From the Issuance Requirements tab for the certificate template properties on the CA make sure to enable This number of authorized signatures and set a value of 1 and for Application policy drop down list select the Certificate Request Agent option.
Step 2 - Issue Smart Card Token
1. From the Lifecycle page attach the smart card token that is to be issued and click the Issued oval. Select the card template from the Select card template drop-down list and click the Execute button.
2. Enter the Operator token PIN (Passcode) code when prompted.
3. Select a user from AD that the smart card token is to be issued to.
4. When the issuance completes a message dialog indicating that an authentication key has been added to the vSEC:CMS will appear followed by a short summary dialog with details on what operations have been performed.
The smart card token is now in an Issued state as can be seen from the process diagram. By default, the smart card PIN will be blocked so it will be necessary to unblock the smart card. Typically, the person who will use this smart card will set the PIN code on the smart card.
5. Click the Active oval and click the Execute button.
6. Enter the Operator token PIN (Passcode) code when prompted.
7. Enter the PIN code that will be set on the smart card token. Click Initiate to set the PIN code on the smart card and make it active.
8. A summary dialog will appear. Click Ok to close.
Step 3 - Perform Windows Smart Card Logon
On a Windows system connected to the domain attach the smart card token and enter the smart card PIN code created earlier to logon.
This completes the use case.