beautypg.com

Multiple credentials in clusters, System backup – HP Secure Key Manager User Manual

Page 233

background image

NOTE:

If the SKM is configured to use NTP, modifications to the NTP system time can extend the life span of
a granted credential.

NOTE:

Granted credentials are not included in backups.

Multiple credentials in clusters

To implement multiple credentials on SKMs within a cluster, you must adhere to the following guidelines:

All devices within the cluster must have the multiple credentials feature enabled. The feature can
be enabled on one device and replicated to the others.

For each device within the cluster, the number of administrators with High Access Administrator
access control must be greater than or equal to the number of administrators required to authorize
an operation. If not, the feature is not be enabled.

To add a new device to a cluster with multiple credentials enabled:

1.

Make sure that the new device has the correct number of administrators with High Access
Administrator access control.

2.

Disable the multiple credentials feature for the cluster by disabling the feature for one device
within the cluster. This action requires confirmation from multiple administrators.

3.

Add the new device to the cluster. For information on adding a device to a cluster, refer to

Join

Cluster

4.

Enable the multiple credentials feature for the cluster by enabling the feature for one device within
the cluster.

System backup

The following information contained in the Multiple Credentials section of the Management Console
is backed up during system backups:

Status of the Multiple Credentials feature (enabled, disabled)

Number of administrators required

Credential time-out limit

Status of administration via provider (enabled, disabled)

Information about temporarily granted credentials is not backed up.

NOTE:

Restoring the administration configuration is not possible if the Multiple Credentials feature is enabled
but the config file is not included in the backup.

Secure Key Manager

233