A BlueCat DNSSEC-HSM configuration requires a minimum set of components.
Make sure you have one of each of the following appliances or virtual machines (more for redundancy) installed on your local network before attempting to create an HSM configuration:
- BlueCat GEN4-7000 (BDDS125), GEN4-5000 (BDDS75), GEN4-4000 (BDDS50), and GEN4-2000
(BDDS25)Note: BlueCat DNS Integrity CORE, BORDER, and BRANCH have been rebranded to the following names:
- BlueCat DNS Integrity CORE has been rebranded to BlueCat GEN4-7000 (BDDS125). If you have previously configured a BlueCat DNS Integrity CORE profile, the profile will be updated to BlueCat GEN4-7000 (BDDS125) upon upgrading to Address Manager v9.1.0.
- BlueCat DNS Integrity BORDER has been rebranded to BlueCat GEN4-5000 (BDDS75). If you have previously configured a BlueCat DNS Integrity BORDER profile, the profile will be updated to BlueCat GEN4-5000 (BDDS75) upon upgrading to Address Manager v9.1.0.
- BlueCat DNS Integrity BRANCH has been rebranded to BlueCat GEN4-4000 (BDDS50) and BlueCat GEN4-2000 (BDDS25). If you have previously configured a BlueCat DNS Integrity BRANCH profile, the profile will be updated to BlueCat GEN4-4000 (BDDS50) upon upgrading to Address Manager v9.1.0.
- BlueCat Address Manager 3000, 6000
- BlueCat DNS/DHCP Server 20, 45, 60, 100, 100D
- DNS/DHCP Server software v9.3.x or greater
- Entrust nShield Connect HSM appliancesNote: Entrust HSM appliances can be clustered for high availability. You can cluster up to 99 HSM appliances in one configuration. All 99 will be equal and active HSM servers.Note: HSM will NOT function if Dedicated Management is enabled on the managed DNS/DHCP Server. Disable Dedicated Management from the DNS/DHCP Server Administration Console prior to configuring the server in Address Manager.
HSM with xHA is supported but with certain limitations. For details, refer to OPTIONAL: HSM with xHA.
Note: The RFS can be any UNIX server. - Remote File System (RFS)