Creating a remote zone enrollment request (task 2)

This task is the second task in the remote zone enrollment process.

Before you begin

You must have a USB flash memory drive that is formatted for Trusted Key Entry data. For more information, see Formatting a USB flash memory drive for Trusted Key data (task 1).
You must know the strength of the zone in which you are enrolling. It is either 1024 or 2048.

About this task

Perform this task on the TKE workstation that is to be enrolled in the remote zone.

Attention: After you complete this task, you must not reset the device key on this TKE workstation before you complete the zone enrollment. If you do, the remote zone enrollment fails and you must restart the remote zone enrollment process. Specifically, you must not take any of the following actions:

Use the Cryptographic Node Management utility to initialize the TKE workstation’s local crypto adapter.
Use the TKE workstation’s "IBM® Crypto Adapter initialization" application to initialize the TKE’s local crypto adapter.
Locally enroll the TKE in a zone.

If you take any of these actions, the error exception during application install is issued at the end of task 4.

Procedure

Install the USB flash memory drive that is formatted for Trusted Key Entry data.
From the Trusted Key Entry console, click Trusted Key Entry.
Open the "Begin zone remote enroll process" application.
If necessary, log on to the crypto adapter.
Click Yes when you see the message Begin remote enroll.
Respond to the message about the remote zone key length:
- Click Yes if the strength of the zone is 1024.
- Click No if the strength of the zone is 2048.
If you are prompted to confirm the 2048 zone strength, click Yes.
If you are prompted to confirm that the existing enrollment is to be replaced, click Yes.
Note: This step removes the TKE workstation from its current zone. The TKE workstation is not enrolled in a zone until the entire remote crypto adapter enrollment process is complete. If you cancel the process after this point, you must restart and complete the remote crypto adapter enrollment process or perform a local "enroll crypto adapter" operation from the Smart Card Utility program.
When the "save the enrollment request file" window opens, respond:
- Click USB Flash Memory drive
- Enter a file name. For example, MyEnrollmentRequestForTKExxxx
- Click Save.
When a window opens with a completion message, click OK to close the window.
When a window opens with a logoff message, click OK. Either logoff option is acceptable.
Remove the USB flash memory drive and send it to the remote location of the TKE that is enrolled in the zone.

Results

You created a remote zone enrollment request, saved the request to a USB flash memory drive, and sent the drive to the remote location. Continue to the next task, Processing the remote zone enrollment request (task 3).