A BlueCat DNSSEC-HSM configuration requires a minimum set of components.
Make sure you have one of each of the following appliances or virtual machines (more for redundancy) installed on your local network before attempting to create an HSM configuration:
- BlueCat DNS Integrity CORE, BORDER, and BRANCHNote: BlueCat DNS Integrity CORE, BORDER, and BRANCH have been rebranded to the following names:
- BlueCat DNS Integrity CORE has been rebranded to BlueCat GEN4-7000 (BDDS125).
- BlueCat DNS Integrity BORDER has been rebranded to BlueCat GEN4-5000 (BDDS75).
- BlueCat DNS Integrity BRANCH has been rebranded to BlueCat GEN4-4000 (BDDS50) and BlueCat GEN4-2000 (BDDS25).
- BlueCat Address Manager 3000, 6000
- Proteus 3300, 5500
- BlueCat DNS/DHCP Server 20, 45, 60, 100, 100D
- Adonis 800, 1200, 1900, 1950
- DNS/DHCP Server software v8.3.1 or greater
- Thales nShield Connect HSM appliancesNote: Thales HSM appliances can be clustered for high availability. You can cluster up to 99 HSM appliances in one configuration. All 99 will be equal and active HSM servers.Note: HSM will NOT function if Dedicated Management is enabled on the managed DNS/DHCP Server. Disable Dedicated Management from the DNS/DHCP Server Administration Console prior to configuring the server in Address Manager.
HSM with xHA is supported but with certain limitations. For details, refer to OPTIONAL: HSM with xHA.Note: The RFS can be any UNIX server.
- Remote File System (RFS)