RSA SecurID Ready Implementation Guide
Last Modified 9/4/02
1. Partner Information
Partner Name
Web Site
Datum
Product Name
TymServe
2100
Version & Platform
Product Description
TymServe provides a single, unbiased time reference that draws
from multiple time sources. Computer networks and systems can be
automatically and accurately synchronized.
Product Type
Dedicated Time Service
1
3. Solution Summary
The TymServe product co-exists with an ACE/Server on the same system,
assuring that the system clock that the ACE/Server relies upon is as accurate as
possible. Because SecurID authentication is based on time synchronization
between RSA SecurID tokens and the ACE/Server, this prevents clock drift of the
server, making SecurID authentications more reliable. An accurate system clock
also assures that ACE/Server audit trail messages include accurate time stamps for
activity.
4. Product Requirements
Client Software
The TymServe is a stand-alone timeserver that distributes time over a TCP/IP
network including Internet, using the Network Time Protocol, NTP. The TymServe
acts as a primary timeserver that broadcasts or responds to the specific time
request packet to the server, the server affixes its current time and returns the
packet, and the client software processes the time data to adjust its local clock.
Sources from where the NTP client software can be obtained and advice on how to
install the client software is given in the reference listing in the back of the
TymServe 2100 Network Time Server User’s Guide.5.
5. Partner ACE/Agent configuration
ACE/Server has been tested and certified to operate on a server that is using
Datum’s TymServe 2100 timeserver. There are no extraordinary configuration
requirements for RSA ACE/Server in this environment, and there is no impact to
either ACE/Server’s operation or the timing service provided by Datum.
3
6. Certification Checklist
Date Tested: Wednesday, May 01, 2002
The following tests were performed with RSA’s ACE/Agent for Windows NT to assure
proper agent and ACE/Server operation when TymServe is used to derive time on the
same system:
Product
Test
Tested Version
ACE/Server
ACE/Agent
TimeServ
5.0.01
N/A
2100
ACE
RADIUS
1st time auth. (node secret creation)
P
New PIN mode:
System-generated
Non-PINPAD token
PINPAD token
User-defined (4-8 alphanumeric)
P
P
P
P
Non-PINPAD token
Password
P
P
P
P
User-defined (5-7 numeric)
Non-PINPAD token
PINPAD token
SoftID token
Deny 4 digit PIN
Deny Alphanumeric
P
P
P
P
P
P
P
P
P
P
User-selectable
PASSCODE
Non-PINPAD token
PINPAD token
P
P
P
P
16 Digit PASSCODE
4 Digit Password
P
P
P
P
Next Tokencode mode
Non-PINPAD token
PINPAD token
P
P
P
P
Replica Servers
P
P
P
P
User Lock Test (ACE Lock Function)
No ACE/Server
JRV
*P=Pass or Yes F=Fail N/A=Non-available function
4
7. Known Issues
• None
5
|