Scenario: Preparing CNI lists for target nodes

Edit online

In this task, the access control administrator uses the CCA Node Management (CNM) utility to prepare CCA Node Initialization (CNI) lists for the target nodes.

To set up the node and create its access control data, the access control administrator can:
  1. On an established node, start the CNM utility.
  2. Create and save to disk the access control data for the target node, which includes:
    • Supervisory roles and user profiles for the access control administrator and the key management officers
    • A default role to replace the initial default role
    1. To create a CNI list to synchronize the clock and calendar within the coprocessor and host computer.
      1. Load the access control data.
      2. Log on as an access control administrator.
      3. Load the replacement default role.
      4. Load the function control vector (FCV).
      5. Log off.
    2. Create a CNI list for the first key-management officer:
      1. Log on as the first key management officer.
      2. Load a first master key of the key part.
      3. Load the first part key encrypting key information.
      4. Log off.
    3. Create a CNI list for the second key management officer:
      1. Log on as the second key management officer.
      2. Load a second master key of the key part.
      3. Load the second part key encrypting key information.
      4. Log off.
  3. Install the coprocessor and the IBM Common Cryptographic Architecture (CCA) Support Program onto the target nodes.
  4. Transport to the target nodes the access control data and the FCV specified in the CNI list.
  5. With the involvement of the key management officers, on each target node run the CNI lists that you created in steps 2.a, 2.b, and 2.c.

The target nodes are now ready to provide cryptographic service.