Etoken TMS management

Hello,

We just did the upgrade from Safeguard Easy 4.50 to Enterprise 5.50. So far it has gone okay with one moderate exception. We use the Aladdin Etoken and all of our users already have tokens and understand the basics of how to use them. Which brings us to the problem. The Etokens we have currently distributed are formatted by the Aladdin TMS (Token Management Services). I spent an afternoon on the phone with Support only to learn that Enterprise writes to the tokens in a different way and every token must be reissued.

I was just wondering if anyone has any kind of connector or bridge application that allows Enterprise to read Etokens formatted in the TMS management center. This would reduce the need to look for tokens in two places, and the TMS has more options to see when and how tokens are used (more reports and better database views of who has tokens, etc.)

If not, can a feature request be made to allow this?

:5459


  • Hi Typhoon87,

    the credentials stored by SafeGuard Easy (SGE) and SafeGuard Enterprise (SGN) are completely different. SGE had SGE userID+password, which is normally different to Windows userID+domain+password. So normally they don't match, and therefore there is no migration provided from our side.

    (Besides that the credentials are encrypted differently, they are stored on different places, and the used libraries are different, too. Unfortunately, in SGE we used a library from Aladdin for which we don't have the sources.)

    If users know their Windows userID and password (which I hope they do), they should be able to log on to the Power-on Authentication without the eToken first, and then in Windows insert the eToken. SGN should write the Windows credentials to the eToken without reformatting. This might be inconvenient, I agree, but less than reformatting. (The eTokens would have old and new credentials afterwards, but does this matter?)

    I did not test this situation, but it should work. I also don't know if TMS can back up the Windows credentials (likely not). If you want to have provisioning from TMS, I recommend using certificate-based logon, or maybe licensing software from NetFox, who did a TMS connector for SGN.

    Hope this helps you.

    :5556
  • Thomas,

    Is there any way that I can reconfigure the TMS management center to format the tokens in the SGN format so I can at least continue to use that database to manage the tokens?

    TMS offers a much more robust toolset for token lifecycle management than the SGN interface does. I can get down to the point where, if a machine is on the network or VPN'd in, I can tell what user, machine and how long their current session has been open through the auditing. I can see when tokens were created, when they were modified, serial number, model number, status, and how many tokens a user has had. E.g., if they lost two and are now on their third one, I can still see the info for the previous ones they had, I can see if they were lost/broken, I can create temp logons with them, etc. SGN has nowhere near this level of functionality, so this issue is not just one of training and manpower issues but also of feature sets that over the last two and a half years of using SNE have become useful for tracking and management of users and tokens.

    :5562
  • Hi Typhoon87,

    do you really need to format the tokens? You should give it a try.

    As far as I know the token format is the same (in both cases you work with Aladdin RTE in Windows, don't you?), although the data format of credentials is different in the two products. In the worst case you have an unused (old) SGE object on your eToken in parallel to a new SGN object. That should not be such a problem, I believe.

    Please let me know if this works for you.

    With compliments,

    :5564
  • Thomas,

    What is the RTE? Is that an old name for the PKI or TMS client? The current Aladdin Etoken TMS Center that we are using is actually a webpage that uses AD as its user store and an ADAM database as the data store. They do rely on a client for some functions; this is called the Aladdin PKI client, as well as a TMS desktop agent. The PKI and TMS agents go hand in hand.

    Also, as I stated in my previous post, this isn't just about storing the credentials; it's the fact that we have a full working lifecycle management, reporting, and maintenance package in the TMS management center. SGN in its current setup does not offer anywhere near the amount of options and management resources that TMS does.

    So if I don't reformat the tokens, can I use the Etoken Egina piece for the Windows logon?

    :5567
  • Hi Typhoon87,

    RTE stands for Run-time environment, or in other words for the PKI Client.

    I am not suggesting that you use SGN Management Center for managing your eTokens. Please use TMS instead. You should be able to work with SGN, although TMS might then not manage the SGN credentials, but all the rest.

    (I asked Aladdin/SafeNet what they think about providing a SGN TMS plugin. I'll let you know when I have a result.)

    I don't know if the eToken Egina collaborates with SGN; have you tested this?

    With compliments,

    :5576
  • Thomas,

    I will be testing this this week. Currently I did try to set up the etoken Egina but SGN tells me an unknown gina was found. If I check no to use it anyway it appears to work for the most part. I did not have any major issues with it, except for the unknown gina error box at boot. Is there an easy way to fix that?

    I want to take the time to thank you for the assistance you are offering. The fact that this is such a large change from SGE 4.5X is really throwing me off. I appreciate that you are looking into whether or not a plug-in type application could be made; that is very cool and I hope this could be done in the future. Thank you again for your ongoing support and community interaction.

    :5606
  • Thomas,

    I believe that you do need to format the key. The first step for either application is to initialize the token, which wipes all of the data off the token.

    :5931