Disconnected HSM servers won't be added to HSM configuration - BlueCat Integrity - 9.4.0

Address Manager Administration Guide


If an HSM server that is part of an HSM cluster loses network connectivity while Address Manager is joining the Security World, or while you are adding an HSM-enabled DNS Server to Address Manager, the HSM server port and IP address will be discarded. Neither Address Manager nor the HSM-enabled DNS Server will attempt to connect to the HSM server once network connectivity is restored.

Verifying HSM connectivity

To verify that you have lost connectivity to an HSM server:
  1. Log in to Address Manager/DNS Server via SSH.
  2. Run the following command:

If the HSM is connected properly, Address Manager should return ‘connection status OK’ for each HSM server. Ensure that the number of connection status messages matches the number of HSM servers you configured in the Address Manager user interface.

If you still don't receive output, the HSM server is disconnected. Contact your network administrator to assist in re-connecting the HSM server to the network. Once the HSM server has been re-connected, return to the Address Manager interface to re-add the HSM server.
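The count comparison described above can be scripted for routine monitoring. The following is an added example, not BlueCat tooling: it reads the verification command's output on standard input and compares the number of 'connection status OK' lines with the number of configured HSM servers. The function name, exit codes, whitespace tolerance and sample lines are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Pipe the verification command's output in.
# Assumption: each connected HSM server produces one line containing
# "connection status" followed by "OK"; spacing between the words may vary.

# check_hsm_status EXPECTED   (hypothetical helper)
# Exit codes: 0 = all configured HSM servers connected,
#             1 = fewer OK lines than configured servers,
#             2 = no OK lines at all,
#             3 = bad argument, or more OK lines than configured servers.
check_hsm_status() {
    expected=$1
    case $expected in
        ''|*[!0-9]*)
            echo "usage: check_hsm_status <configured HSM count>" >&2
            return 3 ;;
    esac
    # grep -c prints 0 and exits non-zero when nothing matches; keep the count.
    ok=$(grep -Ec 'connection status[[:space:]]+OK' || true)
    if [ "$ok" -gt 0 ] && [ "$ok" -eq "$expected" ]; then
        echo "OK: $ok of $expected HSM servers report connection status OK"
        return 0
    elif [ "$ok" -eq 0 ]; then
        echo "CRITICAL: no HSM server reports connection status OK" >&2
        return 2
    elif [ "$ok" -lt "$expected" ]; then
        echo "WARNING: only $ok of $expected HSM servers report connection status OK" >&2
        return 1
    fi
    echo "UNKNOWN: $ok OK lines but only $expected HSM servers configured" >&2
    return 3
}

# Constructed sample: two HSM servers configured, only one status line returned.
printf 'connection status OK\n' | check_hsm_status 2 || echo "exit status: $?"
```

A non-zero exit status means the HSM configuration no longer matches what the user interface shows, which is the condition that calls for the re-add procedure in the sections that follow.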

Re-adding HSM servers to the Security World

With the HSM server re-connected to your network, you must first re-add the HSM server to the Security World, and then re-add the HSM server to each HSM-enabled DNS Server.

To re-add the HSM server to the Security World:

  1. Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
  2. Under General, click HSM Configurations.
  3. Under Security World Configuration, click Update Security World for Address Manager.
  4. Under General, select the previously disconnected HSM server from the list and click Remove. HSM servers can only be removed one at a time. Repeat step 4 to remove multiple HSM servers.
  5. Click Update.

Address Manager returns you to the HSM configuration information page. Next, you must re-add the HSM servers.

  6. Under Security World Configuration, click Update Security World for Address Manager.
  7. Under General, select an HSM server from the HSM Servers drop-down menu and click Add. HSM servers can only be added one at a time. Repeat step 7 to add multiple HSM servers.
  8. Click Update.
Address Manager returns you to the HSM configuration information page. Under Join Security World, you can confirm the updates to the HSM servers.

Re-adding HSM servers to HSM-enabled DNS servers

After re-adding the HSM server to the Security World, you must re-add the HSM server for each HSM-enabled DNS Server in your HSM configuration.

To re-add the HSM server to managed HSM-enabled DNS Servers:

  1. Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  2. Under Servers, click the name of the HSM-enabled DNS Server you want to edit.
  3. Click the server name menu and select Edit.
  4. Under HSM Support, complete the following:
    • Select the check box, Enable HSM Support. The Add Server page refreshes to show your HSM configuration and a drop-down menu of HSM servers.
    • From the HSM Servers drop-down menu, select the previously disconnected HSM server and click Remove. If necessary, repeat for multiple HSM servers.
  5. Under Change Control, add comments, if required.
  6. Click Update. Address Manager returns you to the Server information page. Next, you must edit the HSM-enabled DNS Server again and re-add the HSM server.
  7. Click the server name menu and select Edit.
  8. Under HSM Support, complete the following:
    • Select the check box, Enable HSM Support. The Add Server page refreshes to show your HSM configuration and a drop-down menu of HSM servers.
    • From the HSM Servers drop-down menu, select the previously disconnected HSM server and click Add. If necessary, repeat for multiple HSM servers.
  9. Under Change Control, add comments, if required.
  10. Click Update.
Address Manager returns you to the Server information page. In the General section of the Details tab, the HSM Servers section lists the HSM server linked to your DNS Server.