EMBASSY® Key Management Server
Frequently Asked Questions
What is EMBASSY Key Manager Server?
EMBASSY Key Manager Server (EKMS) is a server software product for secure backup and restoration of protected keys from one TPM-enabled system to another, according to security policies defined on the server.
How do you administer EKMS?
EKMS’s administrative interface is through a Microsoft Management Console (MMC) snap-in application. EKMS Administrators are conventional domain members with privileges to execute actions through the EKMS console.
What is Key Transfer Manager (KTM)?
Key Transfer Manager (KTM) is a key archive system for end-users and enterprises that need a straightforward and automated method to securely archive, restore, and transfer TPM encryption keys and some associated data. When used with Wave’s EMBASSY Key Manager Server (EKMS), enterprises have a way to manage the critical issue of ensuring that encryption keys are not lost easily across their network.
How does EKMS work with KTM?
The Key Transfer Manager (KTM) client software formats the TPM-secured keys, certificates and passwords into individual migration packages and securely transmits them to the EKMS server for storage and subsequent recovery. Retrieval of the archived information requires authorized access based upon the company’s security policy settings. Using EKMS, an IT administrator can perform activities on archives, such as master password reset, assigning archives to be downloaded to different clients, and more.
What are the advantages of using the Embassy Key Management Server (EKMS) over stand-alone KTM clients?
The Embassy Key Management Server allows an IT organization to manage and control the backup of sensitive TPM key information, rather than leaving it up to individual users. Managing the TPM key archive and recovery process through the EKMS increases its security. Management of PCs containing TPM chips is much easier with EKMS, and productivity is better when keys need to be restored due to platform malfunction or replacement.
What are some of the other features that the EKMS provides?
The EKMS also provides key backup policy enforcement, two methods for enabling key sharing between users and groups, key distribution and key escrow. Please review the documentation or contact Wave Systems for more information.
How does the EKMS fit into my network environment?
EKMS runs on Windows 2003 Server and works in conjunction with Microsoft Active Directory.
We want to install the Embassy Key Management Server, but our domain controller is NT4. If we install EKMS on a Windows 2003 server, can we use it in a mixed environment with a domain controller that isn’t Windows 2003?
There are several possible scenarios for EKMS installs:
- Domain type is Win 3K Native or raised into 3k; the Active Directory schema is 3k; EKMS support: yes; difference in install: policy will be deployed into AD.
- Domain type is Win 3K Mixed; the Active Directory schema is 2k; EKMS support: yes; difference in install: policy will be deployed into AD.
- Domain type is Win 2K; the Active Directory schema is 2k; EKMS support: yes; difference in install: policy will be deployed into XML file.
Is extended support available?
Yes. Wave Systems offers options for support and maintenance to help IT organizations in their setup, configuration, integration or ongoing maintenance of the Embassy Key Management Server. Contact Wave Systems through the Online Support Request Form or by calling (877) 228-WAVE for more details.
If you need additional information, please submit a Support Request Form. Customer Service will contact you within one business day with a response to your inquiry. To ensure quality customer service, please include your email address and a detailed description of the issue/inquiry.