Utimaco CryptoServer LAN V4 User manual
CryptoServer LAN V4
Operating Manual
Imprint
Copyright 2017
Utimaco IS GmbH
Germanusstr. 4
D-52080 Aachen
Germany
Phone
+49 (0)241 / 1696-200
Fax
+49 (0)241 / 1696-199
Internet
http://hsm.utimaco.com
e-mail
Document Version
1.2.3
Date
2017-02-08
Status
Final
Document No.
M012-0002-en
All Rights reserved
No part of this documentation may be reproduced in any form (printing, photocopy or
according to any other process) without the written approval of Utimaco IS GmbH or be
processed, reproduced or distributed using electronic systems.
Utimaco IS GmbH reserves the right to modify or amend the documentation at any time
without prior notice. Utimaco IS GmbH assumes no liability for typographical errors and
damages incurred due to them.
All trademarks and registered trademarks are the property of their respective owners.
Table of Contents
Page 3 of 42
Table of Contents
1Introduction ................................................................................................................................5
1.1 About This Manual...................................................................................................................... 5
1.1.1 Target Audience for This Manual ......................................................................................... 5
1.1.2 Contents of This Manual....................................................................................................... 5
1.1.3 Document Conventions ........................................................................................................ 6
1.2 Other Manuals ............................................................................................................................ 6
1.3 Import and Export Regulations................................................................................................... 8
1.4 Damage in Transit ...................................................................................................................... 8
1.5 Deliverables................................................................................................................................ 9
2General Safety Instructions.......................................................................................................10
2.1 Moving and Storing ..................................................................................................................10
2.2 Environmental Temperature.....................................................................................................11
2.3 19″Rack....................................................................................................................................11
2.4 Desktop ....................................................................................................................................11
2.5 Power Supplies and Power Supply Cables ...............................................................................12
2.6 Opening the Device...................................................................................................................13
2.7 Batteries ...................................................................................................................................14
2.7.1 External Battery in the Battery Compartment ....................................................................14
2.7.2 Carrier Battery of the CryptoServer....................................................................................14
2.8 Cleaning....................................................................................................................................15
3Bringing into Service.................................................................................................................16
3.1 Ports and Interfaces on the Rear Side (AC Power Supply).......................................................16
3.2 Ports and Interfaces on the Rear Side (DC Power Supply).......................................................18
3.3 Ports and Operating Elements on the Front Panel...................................................................20
3.3.1 Menu Control Buttons.........................................................................................................21
3.3.2 Ports and Operating Elements behind the Front Door .......................................................22
3.4 Bringing the CryptoServer LAN V4 into Service .......................................................................22
4Maintenance..............................................................................................................................25
4.1 Checking the Battery Status.....................................................................................................25
4.2 Replacing the External Battery.................................................................................................26
4.3 Removing/Swapping a Power Supply Module..........................................................................31
5Switching off the CryptoServer LAN ..........................................................................................34
6Disposing of the CryptoServer LAN............................................................................................35
6.1 Deleting All Sensitive Data .......................................................................................................35
6.2 Disposing the Batteries ............................................................................................................38
Table of Contents
Page 4 of 42
7Technical Data of CryptoServer LAN V4 (AC Power Supply).......................................................40
8Technical Data of CryptoServer LAN V4 (DC Power Supply).......................................................41
9Contact Address for Support Queries ........................................................................................42
Introduction
Page 5 of 42
1Introduction
Thank you for purchasing our CryptoServer LAN V4 security system (referred to below also as
CryptoServer LAN). We hope you are satisfied with our product. Please do not hesitate to
contact us if you have any questions or comments.
1.1 About This Manual
In this operating manual you will find all the necessary information for using the hardware of
the CryptoServer LAN as well as essential security instructions that are to be followed in order
to ensure that the device can be operated safely.
1.1.1 Target Audience for This Manual
This manual is intended for system administrators who bring the CryptoServer LAN with an
integrated CryptoServer CSe- or Se-Series Gen2 into service and administer it.
1.1.2 Contents of This Manual
After the introduction this manual is divided up as follows:
Chapter 2 provides safety instructions that should be read carefully, before unpacking the
CryptoServer LAN and bringing it into operation.
Chapter 3 shows the different ports, interfaces and operating elements on the front and rear
side of the CryptoServer LAN, and provides a general description of the procedure for bringing
the CryptoServer LAN into service.
Chapter4 contains the maintenance tasks that a customer is permitted to perform on the
CryptoServer LAN, i.e., to check the power level of the batteries (carrier battery and external
battery) and, if necessary, to change the external battery in the battery compartment, as well
as to remove/swap a power supply module.
Chapter 5 provides instructions on how to switch off the CryptoServer LAN.
Chapter 6 gives information about what needs to be taken into account when disposing of the
CryptoServer LAN.
Chapter 7 is an overview of the essential technical data of the CryptoServer LAN with AC
power supply.
Chapter 8 is an overview of the essential technical data of the CryptoServer LAN with DC
power supply.
Introduction
Page 6 of 42
Chapter 9 provides the manufacturer's contact data in case you have questions on
CryptoServer LAN or problems occurred while operating the CryptoServer LAN.
1.1.3 Document Conventions
We use the following conventions in this manual:
Convention
Usage
Example
Bold
Items of the Graphical User Interface
(GUI), e.g., menu options
Press the OK button.
Monospaced
File names, folder and directory
names, commands, file outputs,
programming code samples
You will find the file example.conf in
the /exmp/demo/ directory.
Italic
References and important terms
See Chapter 3, "Sample Chapter" in the
CryptoServer LAN/CryptoServer
CryptoServer Command-line
Administration Tool -csadm -Manual for
System Administrators.
Table 1: Document conventions
We use special icons to highlight the most important notes and information.
Here you find important safety information that should be followed.
Here you find additional notes or supplementary information.
1.2 Other Manuals
The CryptoServer is supplied as a PCI-Express (PCIe) plug-in card in the following series:
Introduction
Page 7 of 42
■CryptoServer CSe-Series
■CryptoServer Se-Series Gen2
The CryptoServer LAN (appliance) is supplied in the following series:
■CryptoServer LAN CSe-Series
■CryptoServer LAN Se-Series Gen2
We provide the following manuals on the product CD for the CryptoServer PCIe CSe- and Se-
Series Gen2 plug-in cards and for the CryptoServer LAN (appliance) CSe- and Se-Series Gen2:
Quick Start Guides
You will find these Manuals in the main folder of the SecurityServer product CD. They are
available only in English, do not cover all possible scenarios, and are intended as a
supplement to the product documentation provided on the SecurityServer product CD.
■CryptoServer LAN - Quick Start Guide
If you are looking for step-by-step instructions on how to bring the CryptoServer LAN into
service, how to prepare a computer (Windows 7) for the CryptoServer administration and
how to start administrating your CryptoServer with the Java-based GUI CryptoServer
Administration Tool (CAT), read this document.
■CryptoServer PCIe - Quick Start Guide
If you are looking for step-by-step instructions on how to bring the CryptoServer PCIe plug-
in card into service, how to install the CryptoServer driver on a computer with minimal
RHEL 7.0 installation and how to start administrating your CryptoServer with the
CryptoServer Command-line Administration Tool (csadm), read this document.
Manuals for System Administrators
You will find these manuals on the product CD in the following folder:
…Documentation\Administration Guides\. From version 4.01.0 of the SecurityServer
product CD they are only provided in English.
■CryptoServer - Manual for System Administrators
If you need to administer a CryptoServer PCIe plug-in card or a CryptoServer LAN using
the CryptoServer Administration Tool (CAT), read this manual. Furthermore, this manual
provides a detailed description of the CryptoServer functions, required for the correct and
effective operation of the product.
■CryptoServer LAN - Manual for System Administrators
If you need to administer a CryptoServer LAN (appliance), read this manual. Since a
CryptoServer plug-in card is integrated into the CryptoServer LAN, please read the
CryptoServer - Manual for System Administrators, as well.
Introduction
Page 8 of 42
■CryptoServer LAN/CryptoServer - Troubleshooting
If problems occur while you are using a CryptoServer PCIe plug-in card or a CryptoServer
LAN (appliance), read this manual.
■CryptoServer LAN/CryptoServer
PKCS#11 CryptoServer Administration Tool –Manual for System Administrators
If you need to administer the PKCS#11 R2 interface with the PKCS#11 CryptoServer
Administration Tool (P11CAT), read this manual.
■CryptoServer LAN/CryptoServer
CryptoServer Command-line Administration Tool - csadm - Manual for System Administrators
If you need to administer a CryptoServer PCIe plug-in card or a CryptoServer LAN using
the CryptoServer Command-line Administration Tool (csadm), read this manual.
Operating Manuals
You will find these manuals on the product CD in the following folder:
…Documentation\Operating Manuals\. They contain all the necessary information for using
the hardware of the CryptoServer PCIe plug-in card respectively the CryptoServer LAN
(appliance).
1.3 Import and Export Regulations
The export and use of CryptoServer LAN outside Germany is subject to the legal foreign
trade regulations of the Federal Republic of Germany and require the appropriate
authorization.
The import of CryptoServer LAN is subject to the legal requirements or other regulations that
apply in the particular destination (import license)
Please contact your own national customs authorities for more detailed information.
1.4 Damage in Transit
By purchasing the CryptoServer LAN you have acquired a device that has been carefully
tested and packed for delivery. Nevertheless, damage may occur during transport or improper
temporary storage.
If you discover that the transport boxes are damaged when they arrive, please immediately
contact your reseller or Utimaco (the e-mail address and telephone number are given in
Introduction
Page 9 of 42
Chapter 9 of this manual). Please have the delivery note and the serial number of the device at
hand.
1.5 Deliverables
The CryptoServer LAN deliverables include:
■one CryptoServer LAN V4
■two power supply cables
■one CryptoServer LAN V4 Operating Manual (this manual)
■one PIN pad
■ten smartcards for administering the CryptoServer LAN V4
General Safety Instructions
Page 10 of 42
2General Safety Instructions
Please follow all the warnings, safety notes and instructions given on the device or in this
manual. If you fail to do so, Utimaco will not accept any liability for any resulting damage
caused.
The CryptoServer LAN includes a CryptoServer CSe- or Se-Series Gen2. If the predefined limit
values for its internal temperature are exceeded (or not reached), an alarm will be triggered
and all the data on the CryptoServer will be deleted.
Before unpacking the device and bringing it into operation, please read the safety
instructions below carefully to ensure that the device can be operated safely.
Always keep these instructions handy, in a safe place.
2.1 Moving and Storing
When moving and storing the device, please follow these instructions:
■Before moving the CryptoServer LAN, ensure that the power supply cables have been
pulled out of the sockets and that all other connection cables have been unplugged from
the other devices.
■CryptoServer LAN should only be moved and stored in its original packaging.
■You must make sure that CryptoServer LAN is always stored at temperatures between
-10 °C and +55 °C (+14 °F to +131 °F).
■Do not subject the device to impacts and vibrations or any other physical events that may
damage the packaging.
■If the device is to be stored for a longer time period, ensure that the battery replacement
time is not exceeded.
■Keep this manual together with your CryptoServer LAN so that it is handy if you need to
reinstall the system.
General Safety Instructions
Page 11 of 42
2.2 Environmental Temperature
The CryptoServer LAN must only be operated and stored in a particular temperature range.
■You must make sure that CryptoServer LAN is always stored at temperatures between
-10 °C and +55 °C (+14 °F to +131 °F).
■You must make sure that CryptoServer LAN with an integrated CryptoServer Se-Series
Gen2 PCIe plug-in card is always operated at temperatures between +10 °C and +50 °C
(+50 °F to +122 °F).
■You must make sure that CryptoServer LAN with an integrated CryptoServer CSe-Series
PCIe plug-in card is always operated at temperatures between +10 °C and +40 °C (+50 °F
to +104 °F).
If the environmental temperature is out of the permitted range, the device sensor will delete
all the data on it.
2.3 19″Rack
Brackets are attached to either side of the device so that CryptoServer LAN can be installed in
a 19″rack.
■You can use slide rails for the installation of the CryptoServer LAN in a 19″rack which you
can purchase from the manufacturer Utimaco.
■To install CryptoServer LAN in a 19″rack, simply attach the securing brackets to the 19″
rack.
■The temperature inside the 19″rack may be higher than the temperature outside the 19″
rack. This is particularly true if several devices are installed in the same 19″rack. Please
ensure that the temperature inside the 19″rack does not exceed the maximum permitted
environmental temperature.
■Take care that, when you install the device in a 19″rack, the ventilation slots are kept free
to ensure that air circulates enough.
2.4 Desktop
If you do not want to install CryptoServer LAN in a 19″rack, please follow these instructions:
■Place the device on a secure, stable surface. Avoid impacts and blows to the device.
General Safety Instructions
Page 12 of 42
■Never operate CryptoServer LAN close to water or other liquids. Never spill liquid on the
device.
■Do not place objects, articles of clothing or papers on the device itself.
■Protect CryptoServer LAN against humid or dusty environments, vibrations, extreme
temperature variations and direct sunlight. Do not place the device next to heating units,
air conditioning units, etc.
■Ensure that the maximum permitted environmental temperature is not exceeded.
■Ensure adequate ventilation. Never install the device in a cabinet or similar object in which
the circulation of air is impeded. The ventilation slots on the device must never be
covered.
■Do not connect the device to sockets that are switchable or have timers.
■Avoid connecting the device to electrical circuits to which other power-hungry devices
(such as motors, air conditioning units, photocopiers etc.) are connected. This would put
the device at risk of sudden power fluctuations.
This device has not been designed for use at a workstation within the user's field of vision.
To avoid disturbing reflections, do not place this product at a workstation directly in the field
of vision.
2.5 Power Supplies and Power Supply Cables
The CryptoServer LAN is equipped with two redundant power supplies. Please find further
technical details in Chapter 7 and Chapter 8 of the current document.
Check the power voltage. Connecting CryptoServer LAN to the incorrect power voltage may
destroy the device.
Connect the two power cables to two different power circuits. This ensures that the
CryptoServer LAN remains in operation continuously even if one of the power circuits fails.
General Safety Instructions
Page 13 of 42
■Check the electrical connections to the power circuits to ensure they will not be
overloaded.
■Ensure that the device's electrical connection is properly earthed. If you connect several
devices together, their total power consumption may exceed the total safe limit.
■Handle the power supply cables carefully. Always disconnect them by pulling on the plugs,
not on the cables themselves. Pulling on the cables loosens the contacts and can cause
problems.
■Protect the power supply cables against physical damage. Never place furniture or other
heavy objects on the power supply cables and do not drop any sharp-edged or heavy
objects on it.
■Do not tie knots in the power supply cables.
2.6 Opening the Device
The CryptoServer LAN must only be opened by the employees of Utimaco or certified sales
partners.
If the CryptoServer LAN is opened by someone else, instead of an employee of Utimaco or a
certified sales partner, Utimaco accepts no liability for any damage caused by opening the
device.
However, if there is an urgent need to open the device, it is essential that the power supply
plugs are removed from the sockets before the device is opened. Before opening the device
please contact your reseller or directly us, the manufacturer Utimaco (please see Chapter 9
for contact details). Please have the delivery note and the serial number of the device at
hand.
To ensure that CryptoServer LAN cannot be opened without anyone noticing, there are
holographic security seals on the device itself.
■To avoid the risk of electrical shocks or fires, do not attempt to tamper with any
components inside the device.
■Do not attempt to repair CryptoServer LAN in any way.
■If water, wires or other parts penetrate the device by accident, immediately disconnect the
power supply cables and inform your dealer or Utimaco IS GmbH. If you operate the
device in this condition, you risk either causing a fire, or electrical shocks.
■Do not insert any objects into the openings in the CryptoServer LAN casing because they
may hit live components and cause a short circuit. This may result in a fire or a life-
threatening electrical shock.
General Safety Instructions
Page 14 of 42
■Incorrect or improper use may seriously damage CryptoServer LAN.
2.7 Batteries
The CryptoServer LAN contains two batteries. These ensure that no security-critical
information is lost or deleted in the CryptoServer when the device is switched off, or if
operation is interrupted due to a power failure. The external battery is located in the battery
compartment of the CryptoServer LAN. The carrier battery is placed on the CryptoServer plug-
in card.
These batteries are not rechargeable.
Using the wrong batteries may cause an explosion! Utimaco IS GmbH accepts no liability for
damage caused by using any other batteries except the ones supplied by Utimaco IS GmbH.
2.7.1 External Battery in the Battery Compartment
The external battery placed in the battery compartment behind the front door of the
CryptoServer LAN is a 3.6 V lithium battery (size A) which is directly connected to the
CryptoServer.
This battery is already in use when the device is supplied.
The external battery provides a guaranteed power supply for the CryptoServer for at least 1½
years if the device is not supplied with power via the power cables.
Check the status of this battery at regular intervals. When the battery reaches a critically low
power level, it must be replaced.
Customers are permitted to change the external battery as described in Chapter 4.2 of this
manual.
2.7.2 Carrier Battery of the CryptoServer
On the CryptoServer plug-in card which is integrated into the CryptoServer LAN there is a 3 V
lithium battery –the carrier battery. It powers the sensor and the erase circuit when
CryptoServer LAN is switched off and the external battery in the battery compartment does
not have enough power to supply the CryptoServer.
General Safety Instructions
Page 15 of 42
The carrier battery can power the CryptoServer for at least six months.
The carrier battery must only be replaced by an employee of Utimaco or one of its certified
sales partners.
2.8 Cleaning
■Clean CryptoServer LAN with a soft, clean cloth dampened with a mild soapy solution.
Then dry the device with a clean dry cloth.
■If the device has become wet, wipe it with a clean, dry, soft cloth.
■Never use benzene, thinner, alcohol or other aggressive substances to clean the device.
Bringing into Service
Page 16 of 42
3Bringing into Service
Before you start up CryptoServer LAN, check whether all parts that belong to the delivery, as
listed in Chapter 1.5 of this manual, are present.
3.1 Ports and Interfaces on the Rear Side (AC Power Supply)
The CryptoServer LAN V4 with AC power supply might be supplied with slightly different ports
and interfaces on the rear side as shown in the following two figures, while the front panel
remains the same as in Figure 7 resp. Figure 9.
Figure 1: CryptoServer LAN V4 (AC) –Sockets and ports on the rear side (variant b)
Figure 2: CryptoServer LAN V4 (AC) –Sockets and ports on the rear side (variant c)
a1
a3
a4 a6
a11
a9
a12
a7
a15 a16
a2
a5
a10
a8 a13
a14
a1a3
a4 a10
a7
a8
a9
a13
a5
a6 a12 a14
a2a17
a11
a15 a16
Bringing into Service
Page 17 of 42
Port/Interface
Description
CryptoServer LAN V4 (Figure 1 and Figure 2)
a1, a2
Power supplies
a3, a4
Power supply sockets 90 V ~ 246 V (AC)
a5, a6
Power supply switches (switches power on/off) plus control light (green) above
a7, a8
Screws for attaching the power supplies
a9
Control light for the operation status of both power supplies:
■green –normal operation
■red –alarm status if a power supply fails or is switched off; A signal tone
sounds.
a10
Mute key for the signal tone that sounds if a power supply fails or is switched off
a11
CryptoServer CSe-Series or Se-Series Gen2 plug-in card
■CryptoServer CSe-Series plug-in card
Figure 3: CryptoServer CSe –Sockets and ports on the rear side
▣A–Erase pushbutton
▣B–USB 2.0 port of the CryptoServer CSe
■CryptoServer Se-Series Gen2 plug-in card
Figure 4: CryptoServer Se-Series Gen2 –Sockets and ports on the rear side
▣C–Erase pushbutton
▣D–LED flash light –indicates the activation of the Erase push-button
▣E–USB 2.0 port of the CryptoServer Se-Series Gen2
CE
D
AB
Bringing into Service
Page 18 of 42
Port/Interface
Description
a14
eth1 - Ethernet port 10/100/1000 (RJ45)
a15
eth0 - Ethernet port 10/100/1000 (RJ45)
a16
VGA connector (screen)
CryptoServer LAN V4 in Figure 1
a12
PS/2 power supply for a keyboard or mouse
a13
USB 2.0 port for the CryptoServer LAN
CryptoServer LAN V4 in Figure 2
a12, a13
USB 2.0 ports for the CryptoServer LAN
a17
Guard bracket protecting both power supplies against inadvertent displacement
during transport/movement.
Table 2: Ports and interfaces on the rear side of CryptoServer LAN V4 (AC)
3.2 Ports and Interfaces on the Rear Side (DC Power Supply)
The CryptoServer LAN V4 with DC power supply might be supplied with slightly different ports
and interfaces on the rear side as shown in the following two figures, while the front panel
remains the same as in Figure 7 resp. Figure 9.
Figure 5: CryptoServer LAN V4 (DC) –Sockets and ports on the rear side (variant b)
d1d3
d4
d5
d6 d10 d12
d2 d9 d13 d14
d8
d7
d11
Bringing into Service
Page 19 of 42
Figure 6: CryptoServer LAN V4 (DC) –Sockets and ports on the rear side (variant c)
Port/Interface
Description
CryptoServer LAN V4 (Figure 5 and Figure 6)
d1, d2
Power supplies
d3, d4
Power supply sockets 42 V ~ 60 V DC
d5, d6
Power supply switches (switches power on/off) plus control light (green) above
d7, d8
Screws for attaching the power supplies
d9
CryptoServer plug-in card (CSe-Series or Se-Series Gen2)
d12
eth1 - Ethernet port 10/100/1000 (RJ45)
d13
eth0 - Ethernet port 10/100/1000 (RJ45)
d14
VGA connector (screen)
CryptoServer LAN V4 in Figure 5
d10
PS/2 power supply for a keyboard or mouse
d11
USB 2.0 port for the CryptoServer LAN
CryptoServer LAN V4 in Figure 6
d10, d11
USB 2.0 ports for the CryptoServer LAN
d15
Guard bracket protecting both power supplies against inadvertent displacement
during transport/movement.
Table 3: Ports and interfaces on the rear side of CryptoServer LAN V4 (DC)
d1d3
d4 d11
d5
d6 d10 d12
d2
d15
d9
d13 d14
d8
d7
Bringing into Service
Page 20 of 42
3.3 Ports and Operating Elements on the Front Panel
Figure 7: CryptoServer LAN V4 –Ports and operating elements on the front panel
Port/
Op. element
Description
f1
Display
f2
USB Host
USB 2.0 port of the CryptoServer LAN. Generally, this port is used for connecting the
delivered PIN pad.
f3
USB CS
USB 2.0 port of the CryptoServer used for the CryptoServer administration
f4
Control light to show when the device is in operation
f5, f6
Buttons for CryptoServer LAN menu control
f7
Screw for opening the front door of the CryptoServer LAN
f8
Front door of the CryptoServer LAN
Table 4: Ports and operating elements on the front panel of the CryptoServer LAN V4
f1
f2 f5
f4 f6 f7
f8
f3
Table of contents
Other Utimaco Server manuals
