Chapter 2: DSM V6100 Hardware Appliance
Configuring a V6100 Appliance
DSM Installation and Configuration Guide
Copyright 2009 - 2020 Thales Group. All rights reserved.
22
Scenario DSM Server
Smart Cards
Required
HSM Switch
change
DSM CLI
Command
Notes
Certificate
generation or Master
Key rotation
HA Node 1 Any 1 of N No
security
gencert
Requires any 1 card of
total set N to be
inserted.
Creating DSM
Backup
HA Node 1 None No through web UI or
CLI
DSM wrapper keys for
backup/restore.
Restoring DSM
Backup into same
Security World.
HA Node 1 None No through web UI DSM wrapper keys for
backup/restore.
Restoring DSM
Backup into a
different Security
World
HA Node 1 Set of K (of the
security world
used to create
the backup)
Automatic
config restore
<name>
Upload package from
the Web UI, then follow
instructions to use CLI
to complete operation.
Zeroize – Wiping out
the HSM – Factory
Reset
Any None Automatic config load
default
Restores DSM to
default factory settings.
DSM Reset Any None Automatic config reset Retains network
configuration, but
erases all other DSM
data (Keys, Policies).*
DSM Software
Upgrade**
Any None No via web UI
Table 2-1: v6100 Physical Presence Requirements with remote administration enabled (continued)
*See "Reset DSM Appliance and Remove All Data" on page174 for more information about using this command.
**Except when upgrading from DSM software v5.3.1 to v6.0, a quorum and physical toggling of the switch are required
while doing an upgrade.
Configuring a V6100 Appliance
This section describes how to configure a new V6100 appliance with DSM software 6.4.2. Follow the procedure
described in Appendix A: "Specifications, Racking, and Cabling for the V6000 and V6100" on page122, to install the
physical appliance.
After installation and configuration, the DSM must have connectivity to all hosts that have Vormetric Transparent
Encryption Agents installed.
On the DSM appliance, DHCP is enabled by default on the eth0 interface. If an older DSM appliance is upgraded to
v6.0.2 or higher, you must enable DHCP manually. See "Upgrading the DSM" on page115 for more details. The next
sections describe how to configure the DSM appliance with DHCP enabled, or if you choose to turn it off, how to
configure the appliance using a static IP address.
Configuring DSM with DHCP
DHCP support is available for all the DSM interfaces; eth0 (enabled by default), eth1, and bond0. The DSM DHCP
implementation configures the interface IP address, subnet mask, router (default gateway), DNS server, and the
search domain. It does not configure a host name, an NTP server, or Time Zone for the DSM appliance, these have to
be manually configured through the CLI.
To Next Page
Loading...
