CNM and CNI overview

Edit online
Typical users of the CCA Node Management (CNM) utility and the CCA Node Initialization (CNI) utility are security administration personnel, application developers, system administrators, and, in some cases, production-mode operators.
Notes:
  1. The CNM utility furnishes a limited set of the CCA API services. After becoming familiar with the utility, you can determine whether it meets your needs or whether you require a custom application to achieve more comprehensive administrative control and key management.
  2. Files that you create through use of the CNM utility might be dependent on the release of the Java™ Runtime Environment (JRE). If you change the release of the Java Runtime Environment (JRE) that you use, files that you have created with the CNM utility might not function correctly with the new release.
  3. The CNM utility has been designed for use with a mouse. Use the mouse instead of the Enter key for consistent results.
  4. No help panels are provided for the Master-Key Cloning portion of the utility.
  5. These utilities use the IBM Common Cryptographic Architecture (CCA) Support Program API to request services from the coprocessor. The IBM CCA Basic Services Reference and Guide for the IBM 4765 PCIe and 4764 PCI-X Cryptographic Coprocessors manual contains a comprehensive list of the verbs (also known as callable services or procedure calls) provided by the CCA API. Refer to this book and the individual services described therein to understand which commands might require authorization in the various roles that you define by using the procedures described in this section.

CCA node management utility overview

The CCA Node Management utility is a Java application that provides a graphical interface to use in the setup and configuration of IBM® 4765 CCA cryptographic nodes. The utility functions primarily to set up a node, create and manage access-control data, and manage the CCA master-keys that are necessary to administer a cryptographic node.

You can load data objects directly into the coprocessor or save them to disk. The data objects are usable at other IBM 4765 CCA nodes that use the same operating system and a compatible level of the Java application.
Note: Starting the CCA Node Management Utility: To start the CCA Node Management utility enter the csufcnm command The CNM utility logo and then the main window are displayed.

CCA node initialization utility overview

The CCA Node Initialization utility runs scripts that you create by using the CNI Editor within the CNM utility. These scripts are known as CNI lists. The CNI utility can run the CNM utility functions that are necessary to set up a node; for example, it can be used to load access-control roles and profiles.

As you create a CNI list, you specify the disk location of the data objects that the CNI utility will load into the target nodes. After creating a CNI list, you can distribute the CNI list and any accompanying data files (for roles, profiles, and so on) to nodes where the CNI utility will be used for an automated setup. The source node and all nodes running the distributed CNI list must employ the same operating system and a compatible level of the Java application.
Note: Starting the CCA Node Management Utility: To start the CCA Node Management utility enter the csufcnm command The CNM utility logo and then the main window are displayed.