Managing profiles

When you initialize the TKE workstation crypto adapter, a set of IBM®-supplied profiles are loaded on the adapter. You can use the CCA Node Management Utility's Profile Management window to modify the IBM-supplied profiles on the adapter, or to define and load your own profiles on the adapter.

Each of the IBM-supplied profiles is created from a corresponding IBM-supplied profile definition file that is stored on the TKE workstation's hard drive. You can also define your own profile definition files. The profile definition files you create can be stored on the TKE workstation's hard drive or on removable media. A profile definition file describes the attributes of a profile, and are important for migration between versions of TKE and for recovery. We recommend that you:
  • Create profile definition files for any new profiles you create. This will help during migration to a new TKE workstation or for recovery of the TKE workstation crypto adapter data. If you later modify the profile loaded on the TKE workstation crypto adapter, you should also modify the corresponding profile definition file.
    When creating profile definition files, we further recommend:
    • using the naming convention profile-name.pro.
    • using the IBM-supplied roles (such as TKEUSER, SCTKEADM) whenever possible.
  • Do not edit the IBM-supplied profile definition files. By leaving the IBM-supplied profile definition files unedited, you preserve the ability to restore IBM-supplied profiles to their default settings, including the default passwords. If you edit the IBM-supplied profiles, we recommend you save the modified settings to a new profile definition file instead of editing the original profile definition file supplied by IBM.

To open the CCA Node Management Utility's Profile Management window:

  1. Go to the CCA Node Management Utility main window.
  2. From the Access Control pull-down menu, select Profiles.

    The CCA Node Management Utility's Profile Management window is displayed. Initially, this window lists the profiles currently loaded on the TKE workstation crypto adapter.

    Figure 1. Profile Management window listing the profiles on the TKE's local crypto adapter
    Profile Management window listing the profiles on the TKE's local crypto adapter
You can use the Profile Management window to manage the profiles on the TKE workstation crypto adapter and to manage any associated profile definition files. You can use:
  • the New push button to create a new smart card, passphrase, or group profile.
  • the Edit push button to edit a profile on the TKE workstation crypto adapter.
  • the Delete push button to delete a profile by highlighting it and pressing the Delete button. To do this, you first select the profile in the window and then click the Delete button.
  • the Refresh push button refresh the list in the window.
  • the Open push button to open a profile definition file.
  • the Done push button to close the window.

Clicking the New, Edit, or Open push buttons will all eventually open a window for modifying profile settings. The window will differ slightly depending on the type of profile – either a passphrase profile, a smart card profile, or a group profile. From this window, you will be able to load the settings as a profile on the TKE workstation crypto adapter (provided a profile of the same name is not already loaded on the adapter), or save the settings as a profile definition file on the TKE workstation's hard drive or on removable media.

To replace a profile that is already loaded on the TKE workstation crypto adapter, you will always want to use the Edit push button. Only by clicking the Edit push button will you be able to replace an already-loaded profile.

Parent topic: Access Control menu