vSEC:CMS C-Series on AWS

vSEC:CMS will change your views on how to manage the lifecycle of credentials. The vSEC:CMS C-Series on AWS is an innovative, easily integrated and cost-effective Smart Card Management System or Credential Management System (SCMS or CMS) that will help you deploy and manage credentials within your organization. Organizations can run vSEC:CMS C-Series in public clouds, private clouds and hybrid clouds.

vSEC:CMS Connectors (see figure above)
  1. Smart card printer for batch operations
  2. User directory for looking up users
  3. File and database servers
  4. Secure transport of PIN codes
  5. Event & log management
  6. User photo capture
  7. Certificate/PKI services
  8. Physical access control systems
  9. Hardware security module
  10. Secondary/out-of-band communication
  11. Key archival & key recovery
  12. Credential provider - login screen interface
  13. Remote security device management
  14. User self-service application
  15. Physical & virtual smart cards/tokens
  16. Administrative operator console

The vSEC:CMS C-Series is fully functional with minidriver enabled credentials and it streamlines all aspects of a credential management system by connecting to enterprise directories, certificate authorities, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers etc. With vSEC:CMS organizations can issue credentials to employees, personalize the credential with authentication certificates and manage the lifecycle of the credentials - directly from the cloud.

Secure

The cornerstone of vSEC:CMS security is that all sensitive data and keys are secured using hardware. Operators of the system are securely authenticated using two-factor authentication and all usage is securely audited for full traceability. The main task of a secure device management system is to connect security devices (such as smart cards) to user identities in enterprise systems (such as user directories) and maintain this connection throughout the lifecycle of the security device. This requires communication with several external systems. In vSEC:CMS C-Series, only proven and secure standards are used for these connectors.

Get started today

Contact Versasec to set up a webinar or check with your local Versasec reseller.
vSEC:CMS C-Series will soon be available on the Amazon AWS Marketplace.

System Owner Card

The System Owner Card: one is required per system. The CMS operator applet (or application) will be installed on this token. This token must be used to initialize the C-Series on first use. Once the system has been initialized and set up, it is recommended that the System Owner Card be stored away in a safe.
To purchase a server license and receive a System Owner Card contact Versasec or check with your local Versasec reseller.

This Is How Easy It Is!

We support many different use cases, and the configuration options and feature set are vast. But it’s easy to get started. The most common use case is issuing a Credential with a Windows logon certificate to a user in a secure way. Follow our guides and this can be accomplished in minutes rather than days. Once you have the initial use case configured, you can build from there, adding User Self Service, Remote Operators and support for other secure devices including Virtual Smart Cards.

Use Case Guide: Windows Credential Logon

We will guide you through the initial setup all the way to you issuing and managing the lifecycle of your secure devices. Follow this guide on our Support Portal: Windows Credential Logon
Note: The PKI used in this example use case will be an MS CA. Other PKIs are also supported.

Documentation

Complete Documentation is found on our Support Portal

vSEC:CMS Suite

More information about the complete vSEC:CMS product suite can be found here. vSEC:CMS Suite

Update from 3rd Party SCMS

vSEC:CMS S-Series includes upgrade wizards that enable quick and simple upgrade paths from third-party credential management systems. Check out the details here on how to upgrade from Gemalto DAS / IDAdmin 100 and here on how to upgrade from Microsoft MIM/FIM CM.

Resellers

The product can be purchased from authorized vSEC:CMS integrators and resellers or via our partners' reseller network. You can also contact Versasec directly to let us help you find the best way forward.

Videos

The vSEC:CMS video content can be found here.

Supported Credentials

 

vSEC:CMS Supported Credentials (K / S / C)

  • ACS ACOS5-64
  • ACS CryptoMate64
  • Athena CNS
  • Athena IDProtect Key Nano USB
  • Athena IDProtect Key USB Token
  • Athena IDProtect Smart Card
  • Avtor CryptoCard337
  • CardOS 4.4/5.3
  • Cryptovision ePKI Applet
  • Feitian ePass2003/eJava
  • Gemalto IDPrime .NET 510/5500
  • Gemalto IDPrime MD 830/840/940/3810/3840/3940
  • Gemalto IDPrime PIV Card v2.1/v3.0
  • Gemalto Safenet eToken 5110/5300
  • Gemalto Safenet eToken 5110 FIPS (L, L)
  • HID Global Crescendo C200
  • HID Global Crescendo C1150
  • Identiv uTrust MD
  • Longmai mToken CryptoID
  • Microsoft minidriver enabled smart cards
  • Mifare DESFIRE EV1
  • Morpho ypsID S2
  • Morpho ypsID S3
  • Oberthur Authentic
  • Oberthur IAS ECC
  • Oberthur PIV 8.1
  • Open FIPS 201 Applet
  • Raak Technologies C2
  • SafeTrust-PIV on Placard
  • Taglio C2
  • Taglio PIVKey
  • TCOS TeleSec IDKey
  • Virtual Smart Cards (more info...)
  • Yubico YubiKey 5 NFC/5C/5 Nano/5C Nano
  • Yubico YubiKey 4/4 Nano/4C/4C Nano
  • Yubico YubiKey NEO/NEO-n

NOTE
- The credential is supported by the product.
L - Known limitations - check release notes.
For details about validated middleware/minidrivers check the Versasec support portal or contact us.

vSEC:CMS Product Features

The table below highlights the key features included in the vSEC:CMS product suite. Further detailed information about each product is provided from this table.

 

vSEC:CMS Product Features (K / S / C)

User-Side Credential Operations

  • Change User PIN
  • Offline Unblock User PIN (User Side)
  • Certificate Listing
  • Card Information
  • Support for a large set of credentials

Operator-Side Credential Operations

  • Admin Key Change
  • Online Unblock User PIN
  • Offline Unblock User PIN (Operator Side)
  • User PIN Policy Update
  • User Fingerprint Policy Update
  • Certificate Management (pfx or p12 Import, Delete)

Advanced Operator Side Smart Card Operations

  • Admin Key Diversification from Hardware Protected Masterkey
  • Batch mode support

L1

Database

  • Card Repository
  • SQL Support
  • Backup / Restore
  • Multi-forest & Multi-domain
 

Smart Card Management System Features

 

Advanced Management Features

  • User Self-service and MS Credential Provider
  • Key archive and key restore
  • Smart Card Stock Management
  • Granular Operator Permissions and Access Control
  • Card Printing
  • Photo Capturing
  • Connection with other systems:
    • Certification Authorities (MS CA, Entrust, DigiCert, EJBCA, GlobalSign...)
    • User Directories (LDAP, MS AD)
    • Physical Access System (RFID)
    • Windows Event Log
    • Mail Server (for PIN mailing)
    • Hardware Security Module (HSM)
 

Integrations/APIs

  • Server-Side
    • SQL Database Interface
    • SQL High Availability - Microsoft Always On
    • SOAP Helpdesk API
    • SOAP Lifecycle API
  • Client-Side (Operator Console and User Self-Service)
    • COM API
    • Web Start API
    • Plugin API
    • Physical Access System (PACS) API
   

The feature is included in the product.
L1 Only available in Secure System Mode of vSEC:CMS K-Series.