This article provides information about KeyArmor deployment.
KeyArmor can be easily managed from your existing environment. Depending on how your users authenticate, a new group or One-Time Password may be required before distributing devices to end-users.
Do the following:
- Make sure that your license key is provisioned for KeyArmor.
- Ensure that your PolicyServer is configured to do the following:
  - Enable KeyArmor at the enterprise and subordinate group levels.
  - Configure policies and establish group(s) or users as needed.
- Prepare for device authentication.
- Prepare end-user communications.
- Distribute the devices.
KeyArmor comes from the factory with the software pre-installed. Once received by a client, KeyArmor needs to be registered to a PolicyServer prior to first-time access on the device. Product updates are silent and managed remotely via PolicyServer and/or can be pushed out via the client's network.
Yes, access to the PolicyServer is required for first-time validation and credential download. First-time access to the KeyArmor device must occur on a computer that is logged in to your organization’s network. You must have the following information from your system administrator prior to the KeyArmor one-time setup process:
- User ID
- Password (convention or process varies depending on your organization’s requirements)
- Host Name or IP Address
- Enterprise Name
Multiple users can share a device based on policy, user and device settings. KeyArmor provides unique user keys for access to any device, which enables tracking of access and activity on a device.
Yes. You may set this by navigating to KeyArmor Policy > Login > Allow One User Per Device. This policy determines whether a single user or multiple users may access a device. A policy value of "Yes" dictates only one user may have access to the device at a given time. Take note that this policy does not affect the Administrator or Authenticator roles.
To reassign a device constrained by the "One user per device" policy, an administrator needs to have the KeyArmor device and have access to the MMC.
- Access the MMC and open the group where the device belongs.
- Right-click the Device ID and select Remove Device to remove the device from the group and move it to the enterprise level.
  Do not remove the KeyArmor Device ID from your Enterprise. Doing so will make the device unmanageable. Security provisions are in place to prevent re-binding KeyArmor to an Enterprise once it has been tied to your Enterprise. This same logic prevents re-adding KeyArmor to your enterprise should you inadvertently delete the Device ID from your PolicyServer.
- Insert the KeyArmor device into a PC and sync the policies.
- Return to the MMC and add the device to the required group.
- Ensure that the new user is a member of the required group.
- Assign the new user a One-Time Password.
- Distribute the device to the new user and provide the username and One-Time Password.
The device will now be tied to the new individual.
The KeyArmor product makes a registry key available so that HBSS can log serial numbers, PIDs, and VIDs, and can allow or disallow device insertion and perform asset tracking.
After initial authentication, PolicyServer can report how many devices have been registered, to whom they are assigned, and where and when each device last communicated. Additional end-user detail related to files moved/copied is also available.