HP Bc1500 Implementation of an ActivCard smart card solution on HP CCI
HP Bc1500 - BladeSystem - Blade PC Manual
HP Bc1500 manual content summary:
- HP Bc1500 | Implementation of an ActivCard smart card solution on HP CCI - Page 1
  2 Configuration compatibility 3 Software configuration 4 Step 1: Configuring a Certificate Authentication (CA) service 4 Step 2: Group policy setting 9 Step 3: HP blade PC middleware configuration 10 Step 4: Client smart card driver configuration 10 Smart card setup 11 Initialization of the
- Page 2
  images and instructions in this white paper use Microsoft Windows XPe; however, HP also tested HP Server running F5 networks BigIP version 4.6.4. or • HP Server running HP Session Allocation Manager version 1.0. • Primary Domain Controller. • HP server running Microsoft Windows Enterprise 2003 Server
- Page 3
  • Blade Enclosure. • HP e-class blade enclosure. • Blade PCs • HP bc1000 blade PC running Microsoft Windows XP SP2 w/HPSAM blade service installed. • HP bc1500 blade PC running Microsoft Windows XP SP2 w/HPSAM blade service installed. • Clients • HP Compaq t5000 series thin client running Microsoft
- Page 4
  Middleware running on a HP blade PC 4. Smart card client driver Step 1: Configuring a Certificate Authentication (CA) service Configure a CA service. This white paper uses Microsoft Certificate Services to configure certificates. Detailed instructions for installing a CA service are beyond the scope
- Page 5
  4. Type a name for the new template in the Template display name box. This example uses CCI Smartcard Logon.
- Page 6
  5. Click the Request Handling tab. 6. Select or type 1024 in the Minimum key size box. 7. Click the CSPs button. 8. Select Requests can use any CSP available on subject's computer. 9. Click the Security tab.
- Page 7
  completed creation of the template. 11. Copy the CCI Smartcard Logon certificate template into the Certificate Templates folder under the certificate server. a) Expand the Certification Authority object in the MMC you created in step 1. b) Expand your CA name. c) Right-click on the Certificate
- Page 8
  d) Select New > Certificate Template to Issue. 12. Select the template, and then click OK to import the template.
- Page 9
  Step 2: Group policy setting Apply the following smart card group policy settings to the computer through a user policy setting or through a computer policy setting: • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options - Interactive Logon: Require smart card,
- Page 10
  one of the following ActivCard middleware packages on the HP Blade PCs: • ActivCard ActivClient v5.4 • ActivCard Gold v2.2 Step 4: Client smart card driver configuration Configure thin client software (XPe and CE). Detailed instructions for installing drivers on an XPe or CE image are beyond the
- Page 11
  the folder where they were installed (\Windows) to the \Hard Disk\Program Files folder so the drivers will be written to flash memory. USB Combo Fingerprint & Smart Card Reader (SCM Microsystems SPR337) Driver: spr337.sys, version 1.16.00.01 Smart card setup Initialization of the smart card using
- Page 12
  smart card reader. f) Under Device status, verify the message "This device is working properly." 3. To begin the enrollment from the blade PC side, open the Remote Desktop Connection window by clicking Start > All Programs > Accessories > Communications. 4. Select the Local Resources tab.
- Page 13
  5. In the Local Devices area, select Smart cards. 6. Connect to the blade PC on which you will set up the smart card and log in as a domain-authenticated user. 7. Verify the ActivCard icon is displayed in the system
- Page 14
  HP Session Allocation Manager Client (HPSAM Client) 1. Power on the thin client with the smart card reader installed. 2. Open Device Manager to verify that the drivers properly." 3. To begin the enrollment from the blade PC side, open the HP PC Session Allocation Client window by clicking Start > All
- Page 15
  6. Connect to the blade PC on which you will set up the smart card, and then log in as a domain-authenticated user. 7. Verify the ActivCard icon is displayed in the system
- Page 16
  Requesting a certificate from the blade PC 1. Open Internet Explorer and go to the Certification Server enrollment Web site. The address of this Web site was determined when the Certification Server was set up (see "Step 1: Configuring a Certificate Authentication (CA) service" on page 4). If you do
- Page 17
  6. If a warning message displays about a potential scripting violation, press Yes to continue with the certificate request. 7. After the system generates the public and private keys, the page to install the certificate displays. Select Install this certificate. This command installs the user's
- Page 18
  To verify that the CCI SmartCard Logon certificate for the user is installed on the smart card: 1. Click the ActivCard icon in the system tray to open the ActivCard Gold utility. 2. In the right pane, select the My Certificates icon. The system displays the username ID. 3. Select the username ID to
- Page 19
  smart card PIN. 4. Type the PIN that you assigned. The user is logged into the blade Usage case 2: User authentication from client device to blade PC using HPSAM client The following steps provide instructions for performing a functional test of the CCI SmartCard Logon certificate: 1. Log out of the
- Page 20
  . 4. Type the PIN that you assigned. The user is logged into the blade PC. Usage case 3: Accessing secure Web site The following steps provide instructions for accessing a secure Web site using an ActivCard through a blade PC. Installing and configuring a secure Web site is beyond the scope of this
- Page 21
  of Internet Explorer confirms that you are connected to a secure Web site. Usage case 4: User authentication using VPN through firewall to blade PC Instructions for installing and configuring a VPN tunnel with a firewall are beyond the scope of this white paper; therefore, the white paper assumes
- Page 22
  4. In the Company Name box, type the name for the VPN connection (for example, Work), and then click Next. 5. Select Do not dial the initial connection, and then click Next. 6. In the text box, type the host name or IP address of the VPN tunnel, and then click Next. 7. Select Use my smart card, and
- Page 23
  the VPN connection. 2. In Smart card PIN, type the PIN, and then click OK. While establishing the VPN connection, the system displays Verifying username and password and Authenticated.
- Page 24
  to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors
Implementation of an ActivCard® smart card solution on HP CCI
Introduction (page 2)
Prerequisites (page 2)
Reference hardware and software (page 2)
Configuration compatibility (page 3)
Software configuration (page 4)
Step 1: Configuring a Certificate Authentication (CA) service (page 4)
Step 2: Group policy setting (page 9)
Step 3: HP blade PC middleware configuration (page 10)
Step 4: Client smart card driver configuration (page 10)
Smart card setup (page 11)
Initialization of the smart card using Microsoft Remote Desktop Connection (page 11)
Initialization of the smart card using HP Session Allocation Manager Client (HPSAM Client) (page 14)
Requesting a certificate from the blade PC (page 16)
Usage cases (page 19)
Usage case 1: User authentication from client device to blade PC using RDP (page 19)
Usage case 2: User authentication from client device to blade PC using HPSAM client (page 19)
Usage case 3: Accessing secure Web site (page 20)
Usage case 4: User authentication using VPN through firewall to blade PC (page 21)
Additional information (page 24)