beautypg.com

The cluster key – HP Secure Key Manager User Manual

Page 175

background image

the failure in the System Log and sends an SNMP trap indicating that the cluster is out of sync. Once a

device is out of sync, an administrator must synchronize it manually.
The following configuration settings are replicated within a cluster:

Keys

Local Users & Groups

KMS Server

NTP

DNS

SNMP

Log Signing Certificate

Local Certificate Authorities (CAs)

Authorization Policies

LDAP Server

SSL

Administrators and Remote Administration

IP Authorization

Logging

Service Startup

Known CAs, CRLs, and Trusted CA List Profiles

The following configuration settings can not be automatically replicated within a cluster:

Network settings

Certificates (other than the Log Signing Certificate)

NOTE:

Items not replicated by the clustering feature can be replicated manually using the Backup and Restore

mechanism described in

Services Configuration Page

.

The Cluster Key

A cluster uses a cluster key to authenticate members during replication and synchronization. When a

cluster is created, this key is created automatically.
If a cluster member is stolen or the key is otherwise compromised, remove all devices from the cluster (this

will effectively delete the cluster). You can then create a new cluster and add members using the new key.

The Cluster Password

A cluster key is protected by a cluster password, which is provided by the administrator when creating the

cluster. This password must be provided when devices attempt to join a cluster, or when an administrator

attempts to restore a cluster backup.
You can change the password by editing Cluster Password and Confirm Cluster Password on the Cluster

Settings section of the Cluster Configuration page for every member of the cluster. You can do this if you

forget the original password, for example. However, to restore an automatic synchronization backup,

you will need the cluster password used when the backup was created. Therefore, if you forget a cluster

password you can still maintain the cluster, but you will lose the backups that use that password.

Local Certificate Authority Replication

The cluster feature enables you to replicate local certificate authorities (CAs) within a cluster. This includes

the CA’s public and private keys, the list of signed certificates, and the list of revoked certificates.

Secure Key Manager

175

See also other documents in the category HP Storage: