4 roles, services, and authentication – HP FIPS 140-2 User Manual

Security Policy, version 1.0

January 31, 2008

HP StorageWorks Secure Key Manager

Page 11 of 26

© 2008 Hewlett-Packard Company

This document may be freely reproduced in its original entirety.

Descriptions of LEDs on the rear panel are given in Table 5 – Rear Panel LED Definitions.

Table 5 – Rear Panel LED Definitions

| Item | Description | Status |
|------|-------------|--------|
| 1 | 10/100/1000 NIC 1 activity LED | Green = Activity exists. Flashing green = Activity exists. Off = No activity exists. |
| 2 | 10/100/1000 NIC 1 link LED | Green = Link exists. Off = No link exists. |
| 3 | 10/100/1000 NIC 2 activity LED | Green = Activity exists. Flashing green = Activity exists. Off = No activity exists. |
| 4 | 10/100/1000 NIC 2 link LED | Green = Link exists. Off = No link exists. |
| 5 | UID LED | Blue = Identification is activated. Off = Identification is deactivated. |
| 6 | Power supply 2 LED | Green = Normal. Off = System is off or power supply has failed. |
| 7 | Power supply 1 LED | Green = Normal. Off = System is off or power supply has failed. |

2.4 Roles, Services, and Authentication

The module supports four authorized roles:

• Crypto Officer

• User

• HP User

• Cluster Member

All roles require identity-based authentication.

2.4.1 Crypto Officer Role

The Crypto Officer accesses the module via the Web Management Console and/or the Command Line Interface
(CLI). This role provides all services that are necessary for the secure management of the module. Table 6 shows the
services for the Crypto Officer role under the FIPS mode of operation. The purpose of each service is shown in the
first column (“Service”), and the corresponding function is described in the second column (“Description”). The
keys and Critical Security Parameters (CSPs) in the rightmost column correspond to the keys and CSPs introduced
in Section 2.7.1.

Table 6 – Crypto Officer Services

| Service | Description | Keys/CSPs |
|---------|-------------|-----------|
| Authenticate to SKM | Authenticate to SKM with a username and the associated password | Crypto Officer passwords – read; TLS/SSH keys – read |