cr1 works with a number of facilities and databases to provide an authenticated connection between client and server. These facilities and databases must be administered prior to creating a shared key for two principals in a cr1 exchange. The following is an overview of setting up a cr1-protected service, first on the client side, then on the server side. This overview assumes a Transport Level Interface (TLI) connection.