Prerequisites
Before starting the process of integrating the Securosys CloudHSM or on-premise Primus HSM with Securden Privileged Access Manager (Self-Hosted), please make sure to fulfill all the necessary requirements listed below:
- Existing Securden Installation
- An HSM:
- Securosys CloudHSM, or
- Securosys Primus HSM, firmware v2.8.22, v2.11.3, v3.0.8 or newer.
- Primus PKCS#11 Provider v1.8.6 or newer installed on the Securden device(s)
Install Securden Unified PAM
Obtain and install Securden Unified PAM.
Get an HSM
Before you start, you need to have an HSM. This can be an on-premise Primus HSM, that your install and configure yourself. Alternatively, Securosys CloudHSM is a managed HSM service, allowing you to get started immediately.
For on-premise HSMs, ensure that:
- The PKCS#11 API is licensed.
- The PKCS#11 API and Session Objects are enabled in the security configuration of your HSM.
Configure the Primus PKCS#11 Provider
Because Securden uses the PKCS#11 API to access the HSM, the Primus PCKS#11 API provider needs to be installed and configured on the servers that run Securden Unified PAM.
Please follow the PKCS#11 provider installation guide to install and configure the provider.