Prerequisites
Before starting the process of integrating the Securosys CloudHSM or on-premises Primus HSM with CyberArk Privileged Access Manager – Self-Hosted, please make sure to fulfill all the necessary requirements listed below:
- Existing CyberArk Primary-DR environment.
- Securosys PKCS#11 Provider v1.8.6 or newer
- Securosys CloudHSM Service (HSM as a Service) or
Securosys Primus HSM, firmware v2.8.21, v2.10.5 or newer
with PKCS#11 API and Session Object support enabled.
CyberArk PAM Installation
This guide assumes that CyberArk Privileged Access Manager is already downloaded and installed.
- Successfully executed CyberArk Primary-DR environment pre-install tasks for using the Securosys HSM,
- The recovery private key (
recprv.key) must be available. The recovery private key is used when a key to a Safe, encrypted with an external key, is forgotten.
Please consult the CyberArk Privileged Access Manager for more details on the installation and configuration of CyberArk PAM.
Primus CloudHSM or Primus HSM Setup and Configuration
Securosys CloudHSM
Securosys CloudHSM allows almost instant HSM operation by selecting and contracting the different services and options for your CyberArk Digital Vault For available service packages and options consult our website Securosys CloudHSM Service and contact Securosys sales.
Ensure the PCKS#11 API is included and activated in you subscription.
Securosys Primus HSM (on-premises)
Consult Primus HSM PKCS#11 Provider User Guide - Primus HSM Configuration to setup the Primus HSM for PKCS#11 usage.
Ensure the PCKS#11 API is licensed and activated on your device.
For genereal on on-premises Primus HSM hardware, HA Cluster setup and operation in FIPS or Common Criteria certified modes, refer to the corresponding Primus HSM User Guide for details.