Smart cards can provide additional security to a corporate network. This paper provides instructions for
configuring a smart card with your HP Compaq t5720 thin client and CCI blade PCs.
Gemalto delivers secure personal devices, software, and services through innovation and collaboration,
thus enabling our clients to offer trusted and convenient digital services to billions of individuals. A key
component of these solutions is the smart card: Gemalto smart card solutions are considered a
secure, reliable, and easy to use identification credential for the corporate enterprise.
Corporate enterprises require their Information Technology departments to provide secure access to network resources.
IT departments must provide authentication solutions that employees can use without undue time or effort. Gemalto and Hewlett Packard have combined their network access solutions to
deliver both security and ease of use. Instead of the outdated and easy to hack “user name and password” authentication method, corporate employees can log on to corporate resources via HP thin clients
using the Gemalto GemXpresso Identification Card. While the employee needs only to remember a simple password, the GemXpresso ID Card protects the employee’s identity with an advanced cryptographic
key without sacrificing log-on time. Along with secure access, the Gemalto GemXpresso ID Card can provide additional applications such as physical access control, digital signature certificates, VPN authentication, and disk/file encryption.
Instructions for deploying the GemSafe Libraries and smart card reader drivers to a thin client, thick client,
CCI blade, or SAM server are beyond the scope of this white paper, as is setup of the surrounding network
infrastructure, such as Windows 2003 Server configuration for DHCP, DNS, Active Directory, and IIS,
including CCI SAM and load balancers. The white paper therefore assumes that RDP is enabled
at both server and client, that firewall settings have been adjusted as necessary, and that the
Enhanced Write Filter is already functional and its usage and configuration are understood.
For further information about purchasing Gemalto products, including the GemSafeXpresso 3.2 Java
cards or GemSafe libraries, please send an e-mail to Gemalto at HP@Gemalto.com, or call 888-343-5773.
Prerequisites
1. GemSafe Libraries v5.0 SE or GemSafe Libraries v5.1 SE (Vista).
2. Gemalto Java Cards:
   • GemSafeXpresso 32k v. 3.2 Java cards.
   • GemSafeXpresso 64k v. 3.2 Java cards.
3. Before installing GemSafe Libraries you must connect the smart card reader.
   a. Connect your reader.
      • To connect the HP USB SmartCard Keyboard, plug the keyboard into an available USB port on your PC.
      • To connect the GemPC Serial-SL or GemPC Twin Serial:
         • Plug the green cable connector into the serial port on the PC.
         • Plug the keyboard cable into the grey extension socket.
         • Plug the purple connector of the reader into the keyboard port of the PC.
      • To connect the GemPC Card, insert the reader into an available PCMCIA slot.
   b. Install your reader driver.
The identified Gemalto supported cards are managed within the Gemalto libraries 5.0 SE software
installation. For driver updates, visit the Gemalto support site at: http://hotline.gemalto.com/
For the latest available HP USB SmartCard Keyboard drivers, visit software support at www.hp.com.
NOTE: The GemSafe Libraries 5.0 SE Registration tool found in the system tray incorrectly reports
“no card reader detected”. The software continues to operate normally and no user impact occurs.
Start and stop the Registration tool using the 'right-click' menu options to resolve the reader
identification issue. For more details regarding the operation of the Registration tool, consult the
GemSafe user guide.
Reference hardware and software
The following list provides the reference hardware and software used to validate the Gemalto Smartcard
with the identified usage cases:
• Load Balancer
   • HP Server running F5 networks BigIP version 4.6.4.
   or
   • HP Server running HP Session Allocation Manager version 1.0.
• Primary Domain Controller
   • HP server running Microsoft Windows Enterprise 2003 Server RC1. Configured as DNS, DHCP, IIS, CA, and secure Web site server.
• VPN Tunnel
• Altiris Deployment Server
• Network Switch
   • HP Procurve 2626.
• Blade Enclosure
   • HP e-class blade enclosure.
• Blade PCs
   • HP bc1000 blade PC running Microsoft Windows XP SP2 w/HPSAM blade service installed.
   • HP bc1500 blade PC running Microsoft Windows XP SP2 w/HPSAM blade service installed.
• Clients
   • HP Compaq t5720 series thin client running Microsoft Windows XPe w/HPSAM blade service installed.
   • HP desktop PC running Microsoft Windows XP w/HPSAM blade service installed.
Installing GemSafe Libraries 5.0 SE to Server and Client PCs (Optional)
Running the GemSafe Libraries 5.0 SE on a server or client for card provisioning is required. It is optional
to install GemSafe Libraries 5.0 SE to client systems for user logon. The client install package is customizable and created by the Administrator (see “Creating Customized User Install Packages for
Clients PCs (Optional)” on page 30).
NOTE: During the software installation the reader should not have a smart card in it.
NOTE: Thin Client PC RAM disk size may need to be adjusted up to 64-MB, and changes to the environmental
variables will be required for the optional GemSafe Libraries 5.0 SE installation or customized user
install packages on an HP Thin Client. For more information see “Creating Customized User Install Packages for Clients PCs (Optional)” on page 30.
1. Close all opened Windows programs and applications.
2. For Server installation, insert the GemSafe Libraries 5.0 SE CD.
3. The installation program will start automatically if the computer is configured to "autorun" a CD. If
your computer is not configured this way, navigate to the CD and double click on the file 'Autorun.exe'.
4. The GemSafe Libraries InstallShield Wizard displays the Autorun window.
5. Select the language of your choice and click Install to continue.
6. Click Next to continue; the GemSafe Libraries InstallShield Wizard displays the License Agreement window.
7. Read the Gemalto License Agreement and click Yes to continue; the GemSafe Libraries InstallShield
Wizard displays the Choose Destination Location window.
8. Click Next to install GemSafe Libraries to the default location or select a different location by using
the Browse button.
During the GemSafe Libraries installation you will see a series of dialogs similar to the following. These
dialogs simply inform you as each component is automatically installed.
9. Click Finish to complete the installation; the GemSafe Libraries InstallShield Wizard displays the
Reboot Dialog.
10. Click Yes to restart the system immediately or No to restart your computer later.
NOTE: To use GemSafe Libraries you must restart the computer.
NOTE: Internet Explorer is automatically configured to work with GemSafe Libraries. For the Netscape
Security Module configuration please refer to the Administration or User Guide.
NOTE: If you are using the smart card for network login, it will be necessary to load a certificate onto the
card in order to recognize the card for login purposes. Instructions for manually issuing a certificate on
the card can be found at “Manually issue Smart Card User Certificate” on page 24.
NOTE: After installation of GemSafe Libraries the Administrator has to create user setups by granting
users different access rights for GemSafe card management based on their privileges.
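The note above says a certificate must be on the card before the card is recognized for login. As an added example (not part of the white paper or of Gemalto's tooling), the following PowerShell function checks properties Windows domain logon looks for in such a certificate: the Smart Card Logon EKU, a UPN in the Subject Alternative Name, a current validity period, and an associated private key. The function name and the use of the Cert:\CurrentUser\My store are assumptions.

```powershell
# Added example, not from the white paper. Assumes PowerShell 3.0 or later and
# that the card's certificate is visible in Cert:\CurrentUser\My.
$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'  # Smart Card Logon EKU
$SanOid            = '2.5.29.17'               # Subject Alternative Name

function Test-SmartCardLogonCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    process {
        $ekus = @()
        $san  = ''
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                # Collect every EKU OID the certificate asserts.
                $ekus += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
            elseif ($ext.Oid.Value -eq $SanOid) {
                # English Windows renders a UPN entry as "Principal Name=user@domain";
                # the label is localized on other language versions (assumption).
                $san = $ext.Format($false)
            }
        }
        $now      = Get-Date
        $hasEku   = $ekus -contains $SmartCardLogonOid
        $hasUpn   = $san -match 'Principal Name='
        $inPeriod = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)

        [pscustomobject]@{
            Subject        = $Certificate.Subject
            Thumbprint     = $Certificate.Thumbprint
            SmartCardLogon = $hasEku
            UpnInSan       = $hasUpn
            WithinValidity = $inPeriod
            HasPrivateKey  = $Certificate.HasPrivateKey
            LogonReady     = ($hasEku -and $hasUpn -and $inPeriod -and $Certificate.HasPrivateKey)
        }
    }
}

# Evaluate every certificate in the current user's personal store.
Get-ChildItem Cert:\CurrentUser\My | Test-SmartCardLogonCertificate |
    Format-Table Subject, SmartCardLogon, UpnInSan, WithinValidity, HasPrivateKey, LogonReady -AutoSize
```

A row with LogonReady set to False shows which property is missing, which helps separate a certificate or template problem from a reader or driver problem.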
Installing Microsoft Certificate Services
1. Click Start > Control Panel.
2. Select Add or Remove Programs.
3. In the left panel, select Add/Remove Windows Components.
4. Click Certificate Services, and then click Next.
5. Select Enterprise Root CA, and then click Next.
6. Click Yes to accept the warning.
7. Type a Common name for this CA, and then click Next.
8. Select Next to accept Certificate Database Settings.
The installation will configure components, as shown in the following screen.
9. Click Yes when prompted to temporarily stop IIS.
10. Click Finish to complete the installation.
Configuring a Certificate Authority (CA) service
Configure a CA service. This white paper uses Microsoft Certificate Services to configure certificates.
Refer to “Installing Microsoft Certificate Services” on page 9 for instructions on installing certificate services.
After you install the CA service, perform the following configuration steps:
1. Create an MMC with the following snap-ins:
   • Active Directory Users and Computers
   • Certificate Authority
   • Certificate Templates
2. Click Certificate Templates and look for the Smartcard User certificate template in the right pane.
3. Create a duplicate template by right-clicking on the Smartcard Logon certificate template, and then
selecting Duplicate Template.
4. Type a name for the new template in the Template Display name box. This example uses CCI
Smartcard User.