HSM failover and disaster recovery - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Product name
BlueCat Integrity

BlueCat strongly recommends clustering at least two HSM servers for failover and disaster recovery.

Important: When the primary HSM server goes down either for scheduled maintenance, or as a result of hardware error or network outage, failover to the standby HSM server occurs automatically. However, there's a known limitation in the second failover once the primary HSM server goes back online.

In the event that a failover is triggered on the primary HSM server, the secondary HSM server will be promoted to primary status. Once the primary HSM server resumes normal operation, however, BIND must be re-started in order to complete the failover from the secondary back to the primary HSM server. Currently, this is a limitation of the Entrust netHSM server hardware.