The minimum setup requirements for your HSM network environment.
With the help of your network administrator or HSM provider, ensure your HSM environment meets the following requirements:
- The Entrust HSM can be set up and configured either locally (on-premises)or using Entrust nShield as a Service (nSaaS).
- HSM Security World has been created. For more information on creating the HSM Security World, refer to the Entrust User Guide.
- Address Manager and DNS Server appliances/VMs must be connected to the same local network as the HSM server and their IP addresses must be added to the client list of the HSM server. By default, the HSM server uses TCP port 9004, but if your environment uses a different port, this is also supported. For further details, refer to the Entrust User Guide.
- Address Manager has been properly set up with a configuration, DNS views, zones, deployment roles, IP blocks, networks and other necessary settings.
- A Remote File Server (RFS) has been setup and configured on the same network as the
HSM server and Address Manager and DNS Server appliances. For more
information on setting up and configuring a Remote File Server for HSM, refer to the
Entrust User Guide.Note:
- Only one RFS is supported per Security World.
- Remote File Server (RFS) is recommended for replicating key and certificate blobs created by the application hosts and used by the BlueCat DNSSEC clustered application. It is recommended that all BlueCat DNSSEC clustered hosts sync withthe RFS to maintain the key and certificate blobs.
- Optional: You can also configure the Security World by uploading a compressed file to Address Manager that contains the Security World files from the RFS. For details, refer to OPTIONAL: Copying Security World files.
- For more information on setting up the necessary HSM prerequisites, refer to the Entrust User Guide.