Having already created an HSM configuration in Address Manager, you can now add HSM servers. The HSM server generates the DNSSEC keys defined by the DNSSEC-HSM signing policy that you will create in Address Manager.
Note: You can add multiple HSM servers (an HSM cluster) to an HSM configuration. BlueCat recommends adding at least two HSM servers for redundancy and disaster recovery.
To add an HSM server:
Your newly added HSM servers appear in the HSM Servers tab of the HSM configuration information page.
With HSM servers added to your HSM configuration, the next steps are to configure the Security World, then join Address Manager to the Security World.
Note: Disconnected HSM servers won't be added to the HSM configuration.
As a best practice, verify that you are connected to all HSM servers listed in the Address Manager user interface. To confirm the connectivity status of HSM servers, perform the following:
- Log in to Address Manager via SSH as root.
- Run the following command:
hsm-status.sh
Address Manager should return ‘connection status OK’ for each HSM server. Ensure that the number of connection status messages matches the number of HSM servers you configured in the Address Manager user interface.
If Address Manager can't connect to one or more HSM servers, or if the number of confirmed connections is fewer than the number of HSM servers added to the Address Manager user interface, refer to Troubleshooting.
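The count comparison described above can be scripted so that a missing connection is not overlooked. This is an added example, not part of BlueCat's documentation or tooling: the function name check_hsm_status, the sample lines and the host names are constructed, and it assumes only that each connected server produces one line containing 'connection status OK'.

```shell
#!/bin/sh
# Added example (hypothetical helper, not a BlueCat tool).
# Counts the 'connection status OK' messages in hsm-status.sh output and
# compares the count with the number of HSM servers configured in the
# Address Manager user interface.
# Assumption: one line containing that phrase per connected server; the
# rest of the line format is not relied on.
#
# Intended use on Address Manager, as root:
#   hsm-status.sh | check_hsm_status 2

# check_hsm_status EXPECTED   (reads hsm-status.sh output on stdin)
# returns 0 = counts match, 1 = mismatch, 2 = bad argument
check_hsm_status() {
    expected=$1
    case $expected in
        ''|*[!0-9]*|0)
            echo "usage: check_hsm_status <configured-server-count>" >&2
            return 2 ;;
    esac
    # grep -c prints 0 and exits non-zero when nothing matches; keep the count.
    ok=$(grep -ci 'connection status OK' || true)
    if [ "$ok" -eq "$expected" ]; then
        echo "OK: $ok of $expected HSM servers report connection status OK"
        return 0
    fi
    # Fewer (or more) OK messages than configured servers: investigate.
    echo "MISMATCH: $ok 'connection status OK' message(s), $expected server(s) configured" >&2
    return 1
}

# Constructed sample output, not captured from a real system.
sample_two_ok() {
    printf '%s\n' 'hsm1.example.test: connection status OK' \
                  'hsm2.example.test: connection status OK'
}
# Constructed sample in which only one server reports OK.
sample_one_ok() {
    printf '%s\n' 'hsm1.example.test: connection status OK'
}
```

A return value of 1 corresponds to the case in which you should refer to Troubleshooting.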