The audience of this document is an experienced systems administrator with a good understanding of Microsoft Windows Server management. In addition, it is helpful to be familiar with the terminology, software, and tools specific to YubiHSM 2. As a primer for these, refer to the Terminology table in Getting Help.
In order to follow the steps provided in this guide, the following prerequisites must be met:
Access to Microsoft Windows Server 2012 SP2 or higher, installed in a secure computer network. The system administrator must have elevated system privileges.
The YubiHSM 2 SDK downloaded from the Yubico YubiHSM 2 Release page and available on the system to be used. Installation instructions are given in the following.
Two (2) YubiHSM 2 devices, one for deployment and one for backup in hardware.
Key custodians, if your organization policies require them for the YubiHSM 2 deployment. For more information about key custodians and the associated ‘M of N’ key shares, see "Key Splitting and Key Custodians" below.
Although it is possible to configure the YubiHSM 2 on a networked machine, to safeguard its integrity, it is recommended that its configuration be performed on a fresh system in an air-gapped environment, i.e., the steps in this guide should be performed on a stand-alone computer with both Windows Server 2012 SP2 or higher and the YubiHSM 2 software installed. And we recommend that you do not store keys - even under wrap - on network-accessible or otherwise compromisable storage media.