Overview
vSEC:CMS streamlines all aspects of a credential management system by connecting to enterprise directories, certificate authorities,IdPs, physical access control systems, email servers, log servers, biometric fingerprint readers, PIN mailers and more... With vSEC:CMS, organizations can quickly and easily deploy physical and virtual smart cards, badges, Windows Hello for Business (WHfB) and USB tokens (such as Yubikeys , Feitans, Thales, G+D, Swissbit and more) to employees. vSEC:CMS enables personalization and management of these authentication credentials instantly from AWS. The credentials can be of the type PIV/PKI, FIDO2 device bound-passkeys and RFID and in any combination.
Highlights
- Manage the Lifecycle of USB Tokens, Smart Cards, Windows Hello for Business (WHfB) and Virtual Smart Cards
- Manage and enroll FIDO2 device-bound passkeys into Entra ID, Okta, PingIdentity, Thales STA, Entrust IdaaS and other IDPs.
- Security device orchestration for FIDO2, PKI and RFID
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Additional AWS infrastructure costs
Type | Cost |
|---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
No refund. Fully featured demo version available for evaluation.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
- Support for NFC communication for FIDO2 credentials has been added.
- Support for 'setUnmanagedMode' for Thales FIDO2.1 EF credentials has been added.
- The support for EntrustID IdP has been improved. It is now possible to reissue FIDO2 credentials. Connectors
- Support for EntraID as FIDO2 IdP has been added. HSM
- Support for HSM from Fortanix has been added. PKI
- Support for the AD ObjectSID attribute has been added for EJBCA. Credentials
- Support for the following Thales credentials has been added / improved: IDCore 3121 FIDO Safenet eToken FIDO USB-C Safenet eToken Fusion FIPS SafeNet eToken Fusion NFC PIV
- Support for token initialization at registration has been added for Thales eToken (IDPrime 930).
- Support for YubiKey firmware version 5.7 has been added.
- Support for IDEMIA AuthentIC V3 on Cosmo 8.2 has been added.
- Support for Token2 PIN+ FIDO2 Security Keys series has been added.
- Support for HID C2300 cards with challenge size=16 has been added. User self-service
- Support for card configuration template based card access for the vSEC:CMS User application has been added.
- Support for offline available settings has been added to the vSEC:CMS User application.
- A new configurable option has been added to force user authentication for all account roles when performing self-service issuance with multi role AD accounts.
- A new link: "Change PIN" has been added to the Credential Provider.
- The logo (as shown on the Home pane) will now be available on all panes in the User application. Performance
- Support for the AD attribute tokenGroupsGlobalAndUniversal has been added to CAdsUtil::getUserGroupsInAD which increases the performance a lot when using a large amount of groups in AD.
- The performance data collection has been improved to reduce the effort (CPU consumption) for it.
- Detailed statistics about the database usage can now be exported to the log file. This allows us to investigate slow performance.
- Calls from vSEC:CMS to external resources (e.g. AD, PKI, HSM, DB) and the duration of these calls can now be written to a separate log file.
- The "Select user directory groups" dialog has been improved. It is now possible to filter groups before reading them from the user directory. System management / configuration
- The management of vSEC:CMS roles and permissions has been improved in the vSEC:CMS Admin application.
- The card configuration dialog in the Admin application (Options - Smart cards) has been improved.
- The IDPV connection dialog has been improved: The JWT edit option has been removed, on behalf token management has been added.
- More details can be configured in the HSM connectors allowing to support different HSM configurations.
- More details have been added to the Repositories - Master Keys allowing to see where the keys are used.
- The Group policies (GPO) has been updated (See change log in install folder).
- A new permission check has been added based on AD group pair memberships.
- A new system health check has been added checking if DNs configured in card template permission checks exist in the user directory.
- A new parameter has been added to the installer to enable logging.
Additional details
Usage instructions
This virtual machine comes with vSEC:CMS ready for usage instantly. vSEC:CMS runs fully functional for 10 Credentials in evaluation mode. You can evaluate and configure your use case in your environment before purchasing licenses. You can acquire the needed license from Versasec or any of our partners. Start the configuration by following the guides on our support portal. Some of the first steps would be to connect to your on prem or cloud CA server and your user directory.
Once the instance is running you need to RDP to the virtual machine to start the configuration. Refer to following guide: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html
Resources
Vendor resources
Support
Vendor support
Online Ticket, Phone, Onsite support@versasec.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.