We have two options to use remote slot.
1. Remote operator with nShield Edge
2. Remote administrator with nShield TVD(Trusted Verification Device)
I will describe how to use Remote administrator with KeySafe in this article.
There is some limitation to use KeySafe with Remote administrator.
1. Slot mapping. Dynamic slot should be "0".
2. Cannot use with Remote operator
I had some trial and error for it.
Because I could use some commands with Remote administrator without any restriction.
For instance, when we want to change ACS/OCS card password, we can use cardpp command.
Please see below test procedure.
[Test with dynamic slot "2"]
We can see dynamic slot "2".
After insert OCS card in TVD.
After insert OCS card in TVD, cardpp command can realize OCS card.
We also can see dynamic slot "2" in KeySafe.
But "Erase card" and "Change Passphrase" button is disabled.
As you can see my test result above, we cannot use KeySafe with Dynamic slot "2".
So I had test again with Dynamic slot "0".
[HSM Slot mapping]
We have to be dynamic slot mapping to slot number 0. We can dynamic slot mapping in HSM front panel.
[Security World mgmt] -> [Setup dynamic slots] -> [Slot mapping]
Slot "0" is dynamic slot. We can check with slotinfo command.
After insert OCS card, we can check slot status with slotinfo command.
[KeySafe - Slot information and Examine/Change Card feature in Card sets]
We can see slot "0" with OCS card. I inserted an OCS card in Remote administrator.
We can see enabled buttons as "Erase Card" and "Change Passphrase".
Provided you want to use KeySafe with Remote administrator, you should be mapping dynamic slot to number 0 and you should erase remote operation config if you used before.