Configuring the cluster, Clustering overview – HP Secure Key Manager User Manual

Component: Description

Local IP: In this field you specify the IP address on which you want to listen for health check
requests. You can specify an individual IP address bound to the SKM or you can
specify All.

IMPORTANT:
We strongly recommend that you limit the Health Check feature to a specific IP
address. If you have four IP addresses bound to the SKM, and you enable the
Health Check feature for all IP addresses, then the SKM listens for health check
requests on four different IP addresses; whereas, if you specify a single IP
address, the SKM listens for health check requests on only one IP address. This
can greatly reduce system vulnerability to outside attacks.

Local Port: In this field you specify the port on which you want the SKM to listen for health check
requests. The default value for this setting is 9080.

Edit: Click Edit to modify the health check settings.
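One way to verify the Local IP recommendation above from an administration host, as an added example that is not part of the HP manual: probe the health check port on every address bound to the SKM and flag any address other than the intended one that accepts connections. The function names, the verdict labels and the sample addresses are assumptions made for this illustration; only the default port 9080 comes from the manual.

```python
import socket

HEALTH_CHECK_PORT = 9080  # default Local Port value stated in the manual


def tcp_probe(ip, port, timeout=2.0):
    """Return True if a TCP connection to ip:port is accepted."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_health_check(bound_ips, expected_ip, port=HEALTH_CHECK_PORT,
                       probe=tcp_probe):
    """Compare where the health check answers with where it should answer.

    bound_ips   -- every IP address bound to the SKM (from your inventory)
    expected_ip -- the single address selected in the Local IP field
    probe       -- callable(ip, port) -> bool; replaceable for offline tests
    """
    listening = [ip for ip in bound_ips if probe(ip, port)]
    unexpected = [ip for ip in listening if ip != expected_ip]
    if not listening:
        verdict = "not-listening"   # feature disabled or port changed
    elif unexpected:
        verdict = "overexposed"     # consistent with Local IP set to All
    else:
        verdict = "ok"              # only the intended address answers
    return {"listening": listening, "unexpected": unexpected,
            "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample addresses (RFC 5737 documentation range);
    # replace with the addresses actually bound to your SKM.
    bound = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
    print(audit_health_check(bound, expected_ip="192.0.2.10"))
```

A verdict of "overexposed" means the health check port is reachable on more addresses than the one chosen in Local IP.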

Configuring the cluster

Clustering enables multiple SKMs in a distributed environment to synchronize and replicate configuration
information, thus reducing administration overhead. This chapter contains the following information:

Clustering Overview
Cluster Configuration Page
Clustering Procedures

Clustering overview

A cluster enables multiple KMS Servers to share configuration settings. Any changes made to these
values on one cluster member are replicated to all members within the same cluster. This enables you
to immediately share configuration changes with other KMS Servers.

When a configuration operation is performed on one cluster member, the cluster feature determines
if the operation should be replicated throughout the cluster. If so, the KMS Server immediately sends
a similar operation request to every other member using the cluster port.

If the replication succeeds for a device, the operation is recorded in the System Log. If the replication
fails, the server waits 30 seconds and tries again. If three consecutive replications fail, the server
records the failure in the System Log and sends an SNMP trap indicating that the cluster is out of sync.
Once a device is out of sync, an administrator must synchronize it manually.

The following configuration settings are replicated within a cluster:

Keys

Local Users & Groups

KMS Server

NTP

DNS

SNMP

Log Signing Certificate

Local Certificate Authorities (CAs)

Authorization Policies
