Installing and Using ActivID KMS

This section presents a brief overview of how ActivID Key Management System (KMS) works with ActivID CMS. Then it describes in detail the following topics:

  • How to install and test ActivID KMS.

  • How ActivID KMS functions as part of the key management process.

  • How to use ActivID KMS in a production environment.

Note: For more information about ActivID KMS, see About the ActivID Key Management System.

To maintain the security of HSMs, you must install ActivID KMS in a physically secure area. A Hardware Security Module (HSM) securely stores secret key material. HSMs are similar to large-storage, multisession smart cards; however, unlike smart cards, they are used mainly on the server side of a system. In addition, it is suggested that the ActivID KMS machine have a removable hard drive that you can lock in a safe when ActivID KMS is not in use.

The following diagram illustrates how ActivID KMS works with the ActivID Credential Management System (CMS).

ActivID KMS Working with ActivID CMS

For some HSMs (for example, a network HSM), ActivID KMS expects the HSM units to be already set up with the tools provided by the HSM manufacturer. For details, refer to your HSM manufacturer’s technical documentation.

Important: Every ActivID CMS server (that is not in a pool) must use a different HSM, or at least a different HSM partition. Two different ActivID CMS servers cannot share the same HSM partition. For more information about how HSMs should be set up for use with ActivID KMS and ActivID CMS, refer to Overview of HSM Configuration.

Topics in this section: