A BlueCat DNSSEC-HSM configuration requires a minimum set of components.
Make sure you have one of each of the following appliances or virtual machines (more for redundancy) installed on your local network before attempting to create an HSM configuration:
- BlueCat Address Manager server:
- GEN 3: BAM-3000, BAM-6000. GEN 4: BAM-1000, BAM-5000, BAM-7000, BAM-7000XL. GEN 5: BlueCat 6500, BlueCat 8500.
- BlueCat DNS/DHCP Server:
- GEN 3: BDDS-20, BDDS-45, BDDS-60, BDDS-100, BDDS-100D. GEN 4: BDDS-25, BDDS-50, BDDS-75, BDDS-125. GEN 5: BlueCat 2500, BlueCat 4500, BlueCat 6500, BlueCat 8500.
- DNS/DHCP Server software v9.6.x or greater
- Entrust nShield HSMNote: Entrust HSM appliances can be clustered for high availability. You can cluster up to 99 HSM appliances in one configuration. All 99 will be equal and active HSM servers.Note: HSM will NOT function if Dedicated Management is enabled on the managed DNS/DHCP Server. Disable Dedicated Management from the DNS/DHCP Server Administration Console prior to configuring the server in Address Manager.
HSM with xHA is supported but with certain limitations. For details, refer to OPTIONAL: HSM with xHA.
- Remote File System (RFS)Note: The RFS can be any UNIX server.