HSM failover and disaster recovery - BlueCat Address Manager - 9.2.0

Address Manager Administration Guide

prodname
BlueCat Address Manager
version_custom
9.2.0

BlueCat strongly recommends clustering at least two HSM servers for failover and disaster recovery.

Important: When the primary HSM server goes down either for scheduled maintenance, or as a result of hardware error or network outage, failover to the standby HSM server occurs automatically. However, there's a known limitation in the second failover once the primary HSM server goes back online.

In the event that a failover is triggered on the primary HSM server, the secondary HSM server will be promoted to primary status. Once the primary HSM server resumes normal operation, however, BIND must be re-started in order to complete the failover from the secondary back to the primary HSM server. Currently, this is a limitation of the Thales netHSM server hardware.