Appendix B: HA for V6x00 and Virtual Appliances
Configuring High Availability for Network HSM-enabled Nodes
DSM Installation and Configuration Guide
Copyright 2009 - 2020 Thales Group. All rights reserved.
139
8. On HA node 1 on the Management Console, click the Dashboard tab.
9. Match the fingerprint from the output on HA node 2 with the RSA CA fingerprint on the HA node 1 Dashboard.
Sample output:
Initial_Server=HaNode1.i.vormetric.com CAs_
Fingerprint=8F:104:BE:78:0E:BB:28:4F:64:4D:54:5A:B1
Ensure the fingerprint listed above matches the one on the
Security Server web console dashboard.
Self test in progress: passed
Starting data store
Starting Security Server
Security Server started in compatible mode
SUCCESS: joined to the HA cluster. The server is started. Please verify the fingerprint.
0009:ha$
10. In the GUI, click the High Availability tab. In the row for the HA node 2, the Synchronization status should
contain a green circle and the Configured column should contain a check.
Configuring High Availability for Network HSM-enabled Nodes
DSM appliances, which do not have a built-in HSM, can be configured to use a network HSM via an nShield Connect
HSM.
When configuring high availability (HA) for network HSM-enabled DSM, Thales recommends the following:
l
Configure at least two nShield Connect appliances in the Security World for fault tolerance. This means that in the
event that one of the appliances is not reachable, the Security World is still available. Refer to the nShield
Connect user documentation for a description of procedures to configure an nShield Connect HSM.
Note
Client licenses are required for each nShield Connect appliance that is configured for the HA Cluster—the
number of client licenses required per Connect appliance is equal to the number of DSM HA nodes
connected to the nShield appliance.
Configure HA with standalone nodes
You can configure a network HSM-enabled DSM HA cluster in one of two ways:
The first method is to configure all of the DSMs as standalone nodes and enable network HSMs for each of them in the
same Security World. You can now create a network HSM-enabled DSM cluster in the same manner as for any other
DSM cluster.
The high-level steps to configure a network HSM-enabled DSM HA cluster following this method are:
1. Configure two nShield Connect appliances and the associated RFS.
2. Configure the HA cluster.
Note
Add the DSM individually to the nShield Connect Security World to make each DSM network HSM-
enabled. This means you must run the connect add command on each DSM to add them to that Security
World.
To Next Page
Loading...
