The audience of this document is expected to be an experienced systems administrator with a good understanding of Windows Server management. In addition, it helps to be familiar with the terminology, software and tools specific to YubiHSM 2. As a primer for these, refer to the Terminology Used chapter in this guide.
In order to follow the steps provided in this guide, be sure you meet the following prerequisites, having:
Access to Microsoft Windows Server 2012, R2/2016, 2019 with Active Directory in an offline, air-gapped environment, such as a secure computer network that is physically isolated from unsecured networks such as the internet. You must also have elevated system privileges.
YubiHSM 2 software and tools for Windows downloaded from the YubiHSM 2 Release page and available on the system to be used.
Two (2) factory-reset YubiHSM 2 devices, one for deployment and one for backup in hardware.
Key custodians identified as per local requirements and available to participate. For more information about key custodians and the associated ‘M of N’ key shares, see the next chapter in this guide.