Disconnected HSM servers won't be added to HSM configuration - BlueCat Integrity - 26.1.0

Address Manager Administration Guide


If an HSM server that is part of an HSM cluster loses network connectivity while Address Manager is joining the security world, or while you are adding an HSM-enabled DNS Server to Address Manager, the HSM server port and IP address are discarded. Neither Address Manager nor the HSM-enabled DNS Server attempts to connect to the HSM server once network connectivity is restored.

Verifying HSM connectivity

To verify that you have lost connectivity to an HSM server:
  1. Log in to Address Manager/DNS Server via SSH.
  2. Run the following command:
    hsm-status.sh

If the HSM is connected properly, Address Manager should return ‘connection status OK’ for each HSM server. Ensure that the number of connection status messages matches the number of HSM servers you configured in the Address Manager user interface.

If you still don't receive output, the HSM server is disconnected. Contact your network administrator to assist in re-connecting the HSM server to the network. Once the HSM server has been re-connected, return to the Address Manager interface to re-add the HSM server.
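
The count comparison described above can be scripted, for example to run from a monitoring job. This is an added example, not BlueCat code: the function name check_hsm and the sample text are constructed, and it assumes each 'connection status OK' message appears on its own line of hsm-status.sh output.

```shell
#!/bin/sh
# Added example (not BlueCat code). On the appliance, run:
#     hsm-status.sh | check_hsm 2
# where 2 is the number of HSM servers configured in the Address Manager UI.
# Assumption: each 'connection status OK' message is on its own output line.

# Constructed sample output, so the example runs without an appliance.
SAMPLE_TWO_OK='connection status OK
connection status OK'
SAMPLE_ONE_OK='connection status OK'

# check_hsm EXPECTED
# Reads status output on stdin and compares the number of OK messages with
# EXPECTED. Returns 0 on a match, 1 if fewer (a server is disconnected),
# 2 on a bad argument, 3 if more (configured count is probably out of date).
check_hsm() {
    expected=$1
    case $expected in
        ''|*[!0-9]*)
            echo "usage: check_hsm <number of configured HSM servers>" >&2
            return 2 ;;
    esac
    # grep -c exits 1 when nothing matches (including empty input) but still
    # prints 0, so the exit status is ignored here.
    ok=$(grep -c 'connection status OK' || true)
    if [ "$ok" -eq "$expected" ]; then
        echo "OK: $ok of $expected HSM servers report connection status OK"
        return 0
    elif [ "$ok" -lt "$expected" ]; then
        echo "ALERT: only $ok of $expected HSM servers report connection status OK" >&2
        return 1
    fi
    echo "WARN: $ok OK messages for $expected configured HSM servers" >&2
    return 3
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_TWO_OK" | check_hsm 2
printf '%s\n' "$SAMPLE_ONE_OK" | check_hsm 2 || echo "check_hsm exit code: $?"
```

An exit code of 1 corresponds to the disconnected case described above, where the HSM server must be re-connected and then re-added through the Address Manager interface.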

Re-adding HSM servers to the security world

With the HSM server re-connected to your network, you must first re-add the HSM server to the security world, and then re-add the HSM server to each HSM-enabled DNS Server.

To re-add the HSM server to the security world:

  1. Select the Settings tab in the sidebar, then select HSM settings.
  2. Select the HSM configuration name menu, then select View details.
  3. In the expanded details section, select Update security world for Address Manager.
  4. Select the remove icon (x) for the previously disconnected HSM server.
  5. Select Update.

Address Manager returns you to the HSM configuration information page. Next, you must re-add the HSM servers.

  1. In the expanded details section, select Update security world for Address Manager.
  2. Select an HSM server from the HSM servers drop-down menu, then select the add icon (+).
  3. Select Update.

Address Manager returns you to the HSM configuration information page. Under Join security world, you can confirm the updates to the HSM servers.

Re-adding HSM servers to HSM-enabled DNS servers

After re-adding the HSM server to the security world, you must re-add the HSM server for each HSM-enabled DNS Server in your HSM configuration.

To re-add the HSM server to managed HSM-enabled DNS Servers:

  1. Select the Servers tab in the sidebar, then select Servers.
  2. Select the row containing the HSM-enabled DNS Server in the Servers table, then select Edit in the expanded details section.
  3. Under HSM support, complete the following:
    1. Ensure that the Enable HSM support checkbox is selected.
    2. Select the remove icon (x) for the previously disconnected HSM server. If necessary, repeat for multiple HSM servers.
  4. In the Change control section, add comments if required.
  5. Select Save.
    Address Manager returns you to the Servers page. Next, you must edit the HSM-enabled DNS Server again and re-add the HSM server.
  6. Select the row containing the HSM-enabled DNS Server in the Servers table, then select Edit in the expanded details section.
  7. Under HSM support, complete the following:
    1. Ensure that the Enable HSM support checkbox is selected.
    2. From the HSM servers drop-down menu, select the previously disconnected HSM server and then select the add icon (+). If necessary, repeat for multiple HSM servers.
  8. In the Change control section, add comments if required.
  9. Select Save.