PAYMENTVAULT™ LONG TERM DATA STORAGE




Version 3.0
by Auric Systems International
1 July 2010

Copyright © 2010 Auric Systems International. All rights reserved.

Contents

1 Overview
    1.1 Platforms
    1.2 Managing Passwords
    1.3 PCI Configuration
    1.4 Contacting Auric Systems International
2 Windows Installation
    2.1 Minimum System Requirements
    2.2 Installation Steps
    2.3 Directory Structure
    2.4 Oracle 11gR2 Database
    2.5 PostgreSQL Database
    2.6 Uninstalling
3 Configuring
    3.1 pv.conf file
    3.2 allowed hosts File
    3.3 Drive Space
    3.4 Configure Trevance® for PaymentVault™
    3.5 Configure CN!Express® for PaymentVault™
4 Running Windows® PaymentVault™
    4.1 Running as an Application
    4.2 Switching Between Application and Service
        4.2.1 Service
        4.2.2 Application
    4.3 Uninstalling the Service
5 Audit File Format

List of Tables

3.1 Values in DB section
3.2 Values in the General section
3.3 Values in the Maint section
3.4 Drive space estimates

1 Overview

The PaymentVault™ Long-Term Storage application provides a safe and secure storage mechanism for cardholder account numbers separate from customer's personally identifiable information.

The PaymentVault™ product is not intended as an off-the-shelf solution. Auric Systems International uses it as the core on which to build customized long-term storage solutions.

The PaymentVault™ product provides the following features:

- cardholder account numbers separated from personally identifiable information.
- account numbers accessed via a Unique Token ID (UTID).
- long-term storage for encrypted account numbers.
- controlled account data retrieval:
    - Requires known UTID
    - IPs must be registered with server
    - Communication with server via secure tunnels
    - Retrieve individual UTIDs
    - No bulk retrieval operations
- individual UTID deletion
- flexible web-service interface.
- low-latency retrieval.
- flexibility to process with multiple payment processors.
- Federally-approved (256-bit AES) encryption for sensitive data.
- compliance with PCI Security Council's Payment Application Data Security Standard (PA-DSS).
- different capabilities in different models, based on your processing service.
- integration with Auric's Trevance® and CN!Express® payment applications.

PaymentVault™ interoperates with many different operating systems, applications, and processing services. Additionally, Auric Systems International's Trevance® and CN!Express® payment processing solutions have off-the-shelf support for PaymentVault™ technology. No matter where your business takes you, PaymentVault™ is ready.

1.1 Platforms

The PaymentVault™ Long-Term Storage application is available in both Windows and Linux versions. This document currently covers the Windows release. Please contact Auric Systems International for details on the Linux installation.

On Windows, PaymentVault™ is a 32-bit application. As such, it requires 32-bit database drivers to be installed for remote database access (such as Oracle and PostgreSQL).

1.2 Managing Passwords

The PaymentVault™ Long-Term Storage application does not provide remote access for configuration and control. All PaymentVault™ access is limited by IP address. There are no PaymentVault™ passwords to manage.

Your in-house PCI policy in regards to password and key management must be applied to the server on which PaymentVault™ is installed.

Additional access and authorization services may be integrated with PaymentVault™ on a per-installation customization basis.

1.3 PCI Configuration

Please refer to the accompanying Trevance® PABP Recommendations document for details about installing PaymentVault™ in a PCI-compliant manner.

1.4 Contacting Auric Systems International

Phone: 603.924.6079
Email: support@auricsystems.com, sales@auricsystems.com
Web: http://www.auricsystems.com/

2 Windows Installation

This chapter describes the minimum and recommended system requirements for the PaymentVault™ Long-Term Storage application, and how to install and uninstall the software on your computer system.

Unlike other Auric Systems International products that have built-in Demo, Test, and Live modes, PaymentVault™ runs in a single mode. Auric Systems International recommends keeping separate installations for your development (demo), test, and production needs. This ensures live production data is never stored in a demo or test environment and helps address PCI data storage requirements.

2.1 Minimum System Requirements

System requirements are always based on individual usage. PaymentVault™ is designed to run quickly, have a low impact on server resources, and run on a fairly moderate to low-end server. Of course, if you need to run hundreds of transactions a second through the system, a higher-capability server is required.

The following are minimum requirements. Auric Systems International recommends stress testing in your own environment.

- A minimum of 512 Mbytes of memory
- A 1 Gigahertz Pentium Processor
- A TCP/IP network connection

PaymentVault™ runs on any of the following platforms:

- Windows 2003 server
- Windows XP

For initial installation, we recommend approximately 100 Mbytes of free hard disk space.

PaymentVault™ comes with an embedded FireBird database installation and also supports the Oracle and PostgreSQL relational databases. As of this writing, Auric Systems International requires Oracle 11gR2 or PostgreSQL 8.x.

2.2 Installation Steps

PaymentVault™ is always installed on your system as both an application and a Windows service (the Windows service is not active).

The application version runs from a command line. When you start it from the Windows Start menu, it opens a command prompt window and begins logging information to that window. When run as a service, PaymentVault™ has no graphical user interface.

Auric Systems International recommends running the application version when performing your initial configuration and testing. It is convenient to watch the log information scrolling on the command prompt window while completing your initial configuration and test. After you've configured and tested PaymentVault™, you can switch to the service version for production.

To install, simply run the PaymentVault™ installer and follow the prompts. The only installation option is selecting the destination directory.

The PaymentVault™ Setup program is both an installer and an updater. You can run it on top of an existing installation.

2.3 Directory Structure

Automated backups are only performed with the built-in embedded FireBird database. If using Oracle or PostgreSQL, perform normal daily backup and maintenance as per Oracle or PostgreSQL documentation.

By default, PaymentVault™ installs in:

    c:\program Files\AuricPaymentVault

The two PaymentVault™ executable files are:

    pv.exe      Application version.
    pvctl.exe   Service version.

- The lib directory contains portions of the PaymentVault™ application.
- The backup directory is the destination of the nightly automated database backups. You should regularly move these backup files to a different server and delete old backups.
- The www directory contains a test web page for sending transactions to the PaymentVault™.
- The log directory contains all logs generated by PaymentVault™, including logging each HTTP request. New log files are created daily.

2.4 Oracle 11gR2 Database

PaymentVault™ requires that the Oracle 11gR2 client libraries be installed. Although the 11gR2 client libraries are required, PaymentVault™ runs with both 10g and 11gR2 servers. It has not been tested against 11gR1, which is significantly different than 11gR2.

On Windows, PaymentVault™ ships as a 32-bit application and requires the 32-bit Oracle 11gR2 drivers be installed.

- Download and install the Oracle client installer suitable for your platform.
- Log in as SYSDBA and create a new Oracle user for the PaymentVault™ service. In this document, we'll assume this user is auricpvuser with the password pvpassword, and that the host is named auric_host.
- Grant the following privileges to this user:
    - create session
    - create table
    - unlimited tablespace
- Log on as the new user and run the online_remote.sql script for PaymentVault™.

SQL*Plus Example:

    SQL> create user auricpvuser identified by pvpassword;
    User created.
    SQL> grant create session to auricpvuser;
    Grant succeeded.
    SQL> grant create table to auricpvuser;
    Grant succeeded.
    SQL> grant unlimited tablespace to auricpvuser;
    Grant succeeded.
    SQL> quit

    cd c:\program Files\AuricPaymentVault\data\remote\
    c:\>sqlplus auricpvuser/pvpassword@auric_host @online_remote.sql

2.5 PostgreSQL Database

PaymentVault™ has been tested with the 8.x versions of PostgreSQL. Please contact Auric Systems International if you need to use the new 9.x versions.

If using the PostgreSQL database, Auric Systems International recommends downloading and installing the version suitable for your platform. If installing PostgreSQL on Windows, the One Click Installer available from http://www.postgresql.org/ is recommended. This installs the database itself as well as various useful tools such as pgAdmin III, a graphical interface into PostgreSQL.

Once PostgreSQL is installed, create a database and run the online_remote.sql script. This script is found at:

    c:\program Files\AuricPaymentVault\data\remote\

Start pgAdmin III and perform the following steps:

- Create a new connection to the database (localhost at port 5432 if you're running on the same machine).
- Log on as the administrator/superuser. Typically postgres.
- Create a new login role. Call it auric pv user.
- Create a new database. Call it auric pv. Set the owner to auric pv user. Set the encoding to UTF8. You can use the default tablespace.
- Create a new connection to the database using the auric pv user login name.
- Connect to PostgreSQL using auric pv user.
- Click on Database and then auric pv.
- From the menus, select Tools/Query Tool.
- From the new window's menu, select File/Open. Navigate to the online_remote.sql file and open that.

- From the menu, select Query/Execute. The creation script runs and you will likely see a notice and a warning. This is expected.

PostgreSQL is now ready for you.

2.6 Uninstalling

To uninstall PaymentVault™, navigate to the directory where PaymentVault™ is installed and run the Uninstall.exe program. This removes both the application and the service.

Before uninstalling, make sure PaymentVault™ is not running. Check to see both the application and Windows Service are stopped.

If you are running the embedded Firebird Database version, then the uninstall process overwrites the following files six times with binary 0s. This is in accordance with PCI recommendations for secure deletion of any encrypted account information:

    pv.gdb    primary database file
    pv.conf   configuration file
    *.*       all files in backup directory (database backups)

If using Oracle or PostgreSQL, then the database files should be deleted using a secure methodology acceptable to your company.

The PaymentVault™ service must be stopped, and the PaymentVault™ application must be exited before running the uninstaller.

3 Configuring

All PaymentVault™ configuration is contained in two files, which are edited with any text editor. The pv.conf file contains general configuration information. The allowed hosts file defines which remote machines are allowed to communicate with the PaymentVault™ application.

It is best practice to stagger the maintenance times on PaymentVault™ and Trevance® or CN!Express® so that they do not run simultaneously. PaymentVault™ maintenance is best run after the Trevance® or CN!Express® maintenance so that the PaymentVault™ backup contains the latest UTID information.

3.1 pv.conf file

database type
    oracle: For Oracle 11gR2 clients (supports 10g)
    pgsql: For PostgreSQL
    fb embed: For Firebird embedded

database name
    oracle: [blank]
    pgsql: Name of database. Typically auricpv.
    fb embed: [blank]

database host
    oracle: Oracle connection identifier. If blank, the default Oracle instance.
    pgsql: Name (or IP address) of remote host. Defaults to localhost.
    fb embed: [blank]

database user
    oracle: Typically auricpvuser.
    pgsql: Typically auricpvuser.
    fb embed: [blank]

database password
    oracle: Use a strong password.
    pgsql: Use a strong password.
    fb embed: [blank]

min pool size
    Minimum number of connections to maintain with the database. Default value of three (3) is typically sufficient.

max pool size
    Maximum number of connections to maintain with the database. Default value of five (5) is typically sufficient.

Table 3.1: Values in DB section.

host-ip
    IP address to which PaymentVault™ is bound. By default, it is bound to 127.0.0.1, which means it listens only to communications on the machine where it is installed. Before accepting transactions from a remote machine, it must be bound to an external IP address on the machine where it is installed. Start a command prompt and run ipconfig. This utility shows the IP address of this machine. If the machine has more than one IP address, you need to pick one of them to be bound to, or you can enter 0.0.0.0 as the host-ip and Auric Payment Vault listens to all network connections on that machine.

port
    IP port on which PaymentVault™ listens. Needs to be open in your server's firewall.

showtestpage
    Set to 0 (zero) when ready to go into production to ensure the test page is no longer shown.

log path
    Path to the log directory. Can be relative or absolute.

debug
    Set to 1 (one) to see additional debugging messages in the log files.

Table 3.2: Values in the General section.

PaymentVault™ runs various maintenance tasks on a daily basis. One of the tasks is the expiration of old UTIDs. PaymentVault™ only performs backup and optimization tasks when running with an embedded Firebird database. When using the PostgreSQL database you should perform normal daily maintenance as recommended by the PostgreSQL documentation.

maintenance time
    HHMM when maintenance should start.

expire days
    Delete UTID entries after this many days have gone by. Defaults to 120 days. PaymentVault™ forces a minimum value of 7 days.

backup path
    Path to where nightly backup files are written.

Table 3.3: Values in the Maint section.

3.2 allowed hosts File

PaymentVault™ restricts the hosts from which it accepts connections. The allowed hosts file initially has just 127.0.0.1, which is localhost. Before transactions are accepted from a remote machine running Trevance® or CN!Express®, the IP address of the server must be entered into allowed hosts. Enter each IP address on a separate line.

3.3 Drive Space

The following are estimates of disk space required by PaymentVault™ during typical operation.

database
    The PaymentVault™ database file (pv.gdb) stores approximately 250 bytes for every stored key (UTID). 500,000 stored keys requires approx 125 MBytes of disk space.

backup
    PaymentVault™ generates a nightly backup which, for size calculations, should be considered to be the same as the main database. In practice, the backup will be smaller than the active database.

pv.log
    PaymentVault™ logs general actions such as start, stop, maintenance, etc. This log tends to be quite small. One log is generated per day.

audit.log
    PaymentVault™ generates an audit log of each request. For sizing purposes, consider that each log entry is 250 bytes.

Table 3.4: Drive space estimates.

3.4 Configure Trevance® for PaymentVault™

The Trevance® payment application supports direct connections to the PaymentVault™ long term server. All communication with the PaymentVault™ server must be over a PCI compliant network connection.

1. Start and Pause Trevance®.
2. Configure/Options/UTID.
3. Enter the PaymentVault™ URL and port: http://10.0.0.5:8090

3.5 Configure CN!Express® for PaymentVault™

The CN!Express® payment application supports direct connections to the PaymentVault™ long term server. All communication with the PaymentVault™ server must be over a secured network connection.

1. Start the CN!Express® Configuration Utility.
2. Click on the Advanced tab.

3. Set how long you want to retain UTID values locally in CN!Express®. This setting is independent of the length of time for which the PaymentVault™ long-term server stores UTIDs.
4. Enter the PaymentVault URL and port: http://10.0.0.5:8090
5. Click Apply.

Note: Versions of CN!Express® older than 4.0.13 required you to click the Generate PaymentVault™ UTIDs check box. This is no longer required. CN!Express® now always generates UTID values whenever the UTID field is returned.
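
The host-ip binding (Table 3.2) and the allowed hosts file (section 3.2) together decide which machines can reach PaymentVault™. The following Python check of both settings is an added example, not part of the Auric manual or product. It assumes the allowed hosts file holds exactly one IP address per line, as described above; the function name, severity labels and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges; entries outside them are treated as off-LAN (assumption).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an allowed-hosts file (not taken from the manual).
SAMPLE_ALLOWED_HOSTS = """\
127.0.0.1
10.0.0.21
10.0.0.21
10.0.0.0/24
203.0.113.10
"""


def audit_access_config(host_ip, allowed_hosts_text):
    """Return (severity, message) findings for a host-ip value and the
    text of an allowed-hosts file (one IP address per line)."""
    findings = []
    bind = ipaddress.ip_address(host_ip)
    seen, remote = set(), []

    for lineno, raw in enumerate(allowed_hosts_text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            # Ranges, hostnames and stray text: assumed unsupported, since
            # the manual only describes single IP addresses.
            findings.append(
                ("error", f"line {lineno}: {entry!r} is not a single IP address"))
            continue
        if addr in seen:
            findings.append(("info", f"line {lineno}: duplicate entry {addr}"))
            continue
        seen.add(addr)
        if addr.is_unspecified:
            findings.append(
                ("error", f"line {lineno}: {addr} does not identify a host"))
        elif not addr.is_loopback:
            remote.append(addr)
            if not any(addr in net for net in RFC1918):
                findings.append(
                    ("warn", f"line {lineno}: {addr} is outside RFC 1918 space; "
                             "confirm it is reached over a secured tunnel"))

    if bind.is_loopback and remote:
        findings.append(
            ("warn", f"host-ip {bind} is loopback, so the {len(remote)} "
                     "remote entries cannot connect"))
    if bind.is_unspecified:
        findings.append(
            ("warn", "host-ip 0.0.0.0 listens on every interface; "
                     "bind one address unless all are needed"))
    if not bind.is_loopback and not remote:
        findings.append(
            ("info", "host-ip accepts network connections but only "
                     "loopback is allowed"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_access_config("127.0.0.1",
                                                 SAMPLE_ALLOWED_HOSTS):
        print(f"{severity:5} {message}")
```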

4 Running Windows® PaymentVault™

PaymentVault™ runs as either a stand-alone application or as a Windows service. You can run one or the other. You cannot run both the service and the application at the same time.

During configuration and testing, we recommend you run PaymentVault™ as an application. Afterwards, you can run PaymentVault™ as a service.

4.1 Running as an Application

After installing and configuring, run PaymentVault™ as an application:

- Start PaymentVault™ as an executable from the Windows Start/All Programs/Auric PaymentVault/pv. This starts a command window.
- Start a web browser and enter the following url: http://127.0.0.1:8090/
- A test page appears indicating PaymentVault™ is operational.
- Log entries appear on the command line showing PaymentVault™ is being accessed.

4.2 Switching Between Application and Service

The automatically installed Windows Service is inactive by default. To activate the service:

1. Establish a log-on account for the service, if necessary.
2. Set the service up to run as a specific user.
3. Test the service.

4.2.1 Service

PaymentVault™ is started and stopped just like any other Windows Service.

1. Open the Services window from your Control Panel.

2. Find pv (the PaymentVault service) in the list and double-click to display the Properties window.
3. Set the Startup Type to Automatic.
4. Click on the Log On tab.
5. Select a local account under which to run. Do not run under the Local System Account.
6. Click the Apply button to save your changes.
7. Switch back to the General tab, and Start Trevance.
8. Once started, click the F5 key to refresh the screen.

4.2.2 Application

Suppose you've been running PaymentVault™ as a service and now want to run it as an application:

1. Open the Services window from your Control Panel.
2. Find pv in the list and double-click to display the properties window.
3. At Service Status, click on the Stop button.
4. Set the Startup Type to Manual.
5. Click on the OK button.
6. The service is no longer running. You may now run PaymentVault as an application.

4.3 Uninstalling the Service

PaymentVault™ automatically installs as a service. You can use the following command line commands to remove and reinstall the Windows service.

Note: the following commands use the pvctl.exe application, not pv.exe.

    Action                 Command Line
    Remove the service     pvctl -remove
    Install the service    pvctl -install

5 Audit File Format

The audit file tracks UTID retrieval requests to the PaymentVault™ long-term server. Audit files follow the NCSA XLF/ELF log format. The interesting fields are:

    0    The requesting IP.
    3    The timestamp.
    4    The operation (which includes the UTID).
    14   Success (1) or Failure (0).

An example log entry looks as follows:

    127.0.0.1 - - [22/Jan/2008:15:27:11 +0000] "UTID-RETRIEVE4xV9JySYJaZPG8t3O-3DCIiS4qC3 -hrjiaggl4aaaps" - - - - - - - - - 1
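
Because retrieval needs a known UTID and there is no bulk operation, a host that racks up failed requests in the audit file deserves a look. The following Python parser and failure counter is an added example, not code from the Auric manual or product. It assumes fields are whitespace-separated with the bracketed timestamp and the quoted operation each counting as one field (which matches the field numbers above); the sample lines, UTID values and threshold are constructed.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

# One token per field: [bracketed], "quoted", or a bare run of non-spaces.
_TOKEN = re.compile(r'\[([^\]]*)\]|"([^"]*)"|(\S+)')

AuditEntry = namedtuple("AuditEntry", "ip when operation success")

# Constructed sample lines in the assumed layout (not real audit data).
SAMPLE_AUDIT = '''\
10.0.0.21 - - [22/Jan/2008:15:27:11 +0000] "UTID-RETRIEVE SAMPLE-UTID-0001" - - - - - - - - - 1
10.0.0.22 - - [22/Jan/2008:15:27:12 +0000] "UTID-RETRIEVE SAMPLE-UTID-9001" - - - - - - - - - 0
10.0.0.22 - - [22/Jan/2008:15:27:12 +0000] "UTID-RETRIEVE SAMPLE-UTID-9002" - - - - - - - - - 0
10.0.0.22 - - [22/Jan/2008:15:27:13 +0000] "UTID-RETRIEVE SAMPLE-UTID-9003" - - - - - - - - - 0
truncated line
'''


def parse_audit_line(line):
    """Parse one audit line into fields 0, 3, 4 and 14 of the manual.
    Raises ValueError if the line does not have that shape."""
    fields = [next(g for g in m.groups() if g is not None)
              for m in _TOKEN.finditer(line)]
    if len(fields) < 15 or fields[14] not in ("0", "1"):
        raise ValueError(f"not an audit entry: {line!r}")
    when = datetime.strptime(fields[3], "%d/%b/%Y:%H:%M:%S %z")
    return AuditEntry(fields[0], when, fields[4], fields[14] == "1")


def suspicious_hosts(lines, max_failures=3):
    """Return (hosts with at least max_failures failed requests,
    number of lines that could not be parsed)."""
    failures = Counter()
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            entry = parse_audit_line(line)
        except ValueError:
            # Count, do not drop silently: gaps in an audit trail matter.
            unparsed += 1
            continue
        if not entry.success:
            failures[entry.ip] += 1
    flagged = sorted(ip for ip, n in failures.items() if n >= max_failures)
    return flagged, unparsed


if __name__ == "__main__":
    hosts, bad = suspicious_hosts(SAMPLE_AUDIT.splitlines())
    print("hosts over threshold:", hosts, "| unparsed lines:", bad)
```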
