The cluster key – HP Secure Key Manager User Manual


the failure in the System Log and sends an SNMP trap indicating that the cluster is out of sync. Once a device is out of sync, an administrator must synchronize it manually.

The following configuration settings are replicated within a cluster:

Keys

Local Users & Groups

KMS Server

NTP

DNS

SNMP

Log Signing Certificate

Local Certificate Authorities (CAs)

Authorization Policies

LDAP Server

SSL

Administrators and Remote Administration

IP Authorization

Logging

Service Startup

Known CAs, CRLs, and Trusted CA List Profiles

The following configuration settings cannot be automatically replicated within a cluster:

Network settings

Certificates (other than the Log Signing Certificate)

NOTE:

Items not replicated by the clustering feature can be replicated manually using the Backup and Restore mechanism described in Services Configuration Page.

The Cluster Key

A cluster uses a cluster key to authenticate members during replication and synchronization. When a cluster is created, this key is created automatically.

If a cluster member is stolen or the key is otherwise compromised, remove all devices from the cluster (this will effectively delete the cluster). You can then create a new cluster and add members using the new key.

The Cluster Password

A cluster key is protected by a cluster password, which is provided by the administrator when creating the cluster. This password must be provided when devices attempt to join a cluster, or when an administrator attempts to restore a cluster backup.

You can change the password by editing Cluster Password and Confirm Cluster Password in the Cluster Settings section of the Cluster Configuration page for every member of the cluster. You can do this if you forget the original password, for example. However, to restore an automatic synchronization backup, you will need the cluster password used when the backup was created. Therefore, if you forget a cluster password, you can still maintain the cluster, but you will lose the backups that use that password.

Local Certificate Authority Replication

The cluster feature enables you to replicate local certificate authorities (CAs) within a cluster. This includes the CA’s public and private keys, the list of signed certificates, and the list of revoked certificates.
