Instruction/ maintenance manual of the product Smart Card HP (Hewlett-Packard)
Go to page of 24
1 Implementati on of an A cti vC ar d® smar t car d soluti on on HP CCI Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Prerequisites . . . . . . . . . . . . . . .
2 This w hite paper disc usses the impl e mentation of A ctivC ard® smart car ds on HP Consoli dated Client Infr astru cture (C CI) . T his white paper is no t intend ed as a compr ehensi ve o vervi ew of A cti vCard smart card tec hnology .
3 • Blade Enclo sure . • HP e -class blade enc l osur e . • Blade PC s • HP bc1000 blade PC running Mic r osoft W indow s XP SP2 w/HP SA M blade service ins talled. • HP bc1500 blade P C running Mi cr osoft Windo w s XP SP2 w/HPS AM blade servi ce installed.
4 Sof t war e co nfigu ratio n Conf igur e the follo wing items to set up a smart card so lution on CCI: 1. Certif icate Au thentication (CA ) servi ce 2. Gr oup policy settings 3. Middle war e running on a HP blade PC 4. Smart card c lient dr iv er St ep 1: Conf iguring a C ertifi cate Authenti cation (CA ) ser v ice Conf igur e a CA servi ce.
5 4. T y pe a name for the ne w template in the Te m p l a t e d i s p l a y n a m e box . This ex ample use s CCI Smartcard Logon ..
6 5. Clic k the Request Handling tab . 6. Select or ty pe 1024 in the Minimum ke y size box . 7. Click t he CSP s button. 8. Select Reque sts can u se an y C SP a vailable on subject' s compute r .
7 10. In the P e rmissions for Auth enticated Us ers bo x, in the Allo w column, selec t Re ad and Enroll . Y ou have completed c reation of the template . 11. Cop y the CCI Smartcard L ogon cer tifi cate template in to the C ertificate T emplates f older under the cer- tifi cate server .
8 d) Select Ne w > Certifica te T emp late to I ssue . 12. Selec t the template , and then cli ck OK to import the template..
9 St ep 2: Gr oup polic y setting Apply the f ollow ing smart card gr oup polic y settings to the computer through a user poli cy setting or thr ough a computer policy s etting: • Compu ter Conf igur ationWindo ws SettingsS ecur ity SettingsLocal P olic iesSec urity Options - In ter- acti ve L ogon: Requir e smar t card , enable or disable .
10 St ep 3: HP blade PC mi ddlew are conf igur ation The f ollo wing pr ov ides HP blade P C softwar e confi gurati on: • F or the purpo ses of this whit e paper , an HP CC I implementation w ith the hard war e and softwar e components listed in “R efer ence hard war e and softwar e ” on page 2 was u sed.
11 • USB CA C appr ov ed smart card reader (S CM Mic ros ystems S CR331 R eader) Dri ver : SCR3 3X2K.s ys, v ersi on 4.2 7 . 00.01 NO TE: Fo r Mic ro soft Windo ws CE .
12 d) In the ri ght pane, e xpand Smar t card readers . e) Select the ins talled smart card r eader . f) Under De vice status , v eri f y the mess age “This de vi ce is wo rking pr operly .
13 5. In the Local De vices area , select Smart cards . 6. Connect to the blade P C on whic h you w ill set up the smart card and log in as a domain-authenti- cated user . 7. V erify the Ac tivCar d icon is display ed in the sy stem tr ay . 8. Insert an unprogr ammed Acti vCard-compatible smart ca rd into the r eader .
14 Initiali z ation of the smart car d using HP Ses sion A llocation Manager C lient (HP S AM Client) 1. P o wer on the thin c lient w ith the smart card r eader installed . 2. Open Dev ice Manager to v er if y that the dr iv ers fo r the card r eader ar e installed: a.
15 6. Connect to the blade P C on whic h you w ill set up the smart card , and then log in as a domain- authenticated user . 7. V erify the Ac tivCar d icon is display ed in the sy stem tr ay . 8. Insert an unprogr ammed Acti vCard-compatible smart ca rd into the r eader .
16 R equesting a certifi cate fr om the blade P C 1. Open Internet Explor er and go to the Certifi cation Server enr ollment W eb site. T h e addr ess of this W eb site was det ermined w hen the Certifi cation Serve r was se t up (see “Step 1: C onfi guring a Certif- icate A uthenticati on (CA) serv ice ” on page 4) .
17 6. If a war ning message display s about a potential sc ripting v iolation , pres s Ye s to continue w ith the cer tificate request. 7. After the s ystem gener ates the public and pri vate k ey s, the page to install the certifi cate display s. Select Install t his certifica te .
18 T o ver i fy that the CCI SmartCar d Logon certifi cate fo r the user is installed o n the smar t car d: 1. Clic k the ActivC ard i con in the sy stem tra y to open the Acti vCard Gold utility . 2. In the ri ght pane, s elect the My C e r t if i c a te s icon.
19 Usage cases Usage case 1 : User aut hent ication fr om client de vi ce to blade PC u sing RDP The f ollo wing s teps pr ov ides instruc tions fo r performing a f unctional te st of the CCI SmartCar d Logon cer- tifi cate: 1. Log out o f the RD P sessi on.
20 2. Open the HP S AM client w indow and initiate a connec tion to the blade P C. 3. Mak e sure a smart car d is installed in the reade r . The s y stem r equests the smart card P IN. 4. T y pe the PIN that y ou assigned . The user is logged into the blade P C.
21 4. In Internet Explor er , type the addr ess of a sec ure W eb site. 5. If th e sy stem displays security a ler t messag es, click OK . The LED on the car d reader indi cates when the W eb si te is accessing the smart card t o ver i fy whether the certific ate is appro ved for the sit e.
22 4. In the Compa ny Name box , t ype the name f or the VPN connection (f or ex ample , Work ) , and then click Ne xt . 5. Select Do not dial t he initial connec tion , and then c lick Ne xt . 6. In the te xt box , type the host name or IP addr ess of the VPN tunnel , and then clic k Ne xt .
23 2. Rig h t - c l ick o n t h e VPN connection icon and select Properties . Y ou can initiate the VPN connecti on after setting it up , as follo ws: 1.
24 After the connecti on is established , the net w ork connection i con display s in the sy stem tr ay . Additi onal infor matio n F or mor e informati on about HP C onsolidated C lient Infr astru ctur e, see http://h71028.www7 .hp.com/ enterprise/cache/988 5-0 -0 - 22 5-121.
An important point after buying a device HP (Hewlett-Packard) Smart Card (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought HP (Hewlett-Packard) Smart Card yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data HP (Hewlett-Packard) Smart Card - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, HP (Hewlett-Packard) Smart Card you will learn all the available features of the product, as well as information on its operation. The information that you get HP (Hewlett-Packard) Smart Card will certainly help you make a decision on the purchase.
If you already are a holder of HP (Hewlett-Packard) Smart Card, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime HP (Hewlett-Packard) Smart Card.
However, one of the most important roles played by the user manual is to help in solving problems with HP (Hewlett-Packard) Smart Card. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device HP (Hewlett-Packard) Smart Card along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
