Replacing HSM-enabled DNS Servers - BlueCat Integrity - 9.5.0

An HSM-enabled DNS server must first be disabled in Address Manager before it can be replaced. Use the Replace function to replace an HSM-enabled DNS Server with a new server of the same type.

1. From the configuration drop-down menu, select a configuration.
2. Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
3. Under Servers, click a server name. The Details tab for the server opens.
4. Click the server name menu and select Replace.
5. Under Server, confirm the Management Interface IP address, hostname, and password.
   Note: The new server must have the same Management Interface IP address, hostname, password, and management style (that is, Dedicated Management enabled or disabled) as the server it replaces.

   • Name—enter the name for the server. This name is used only in the Address Manager user interface and isn't associated with deployed DNS data.
   • Management Interface—enter the IPv4 or IPv6 address configured on the eth0 interface in the BDDS Administration Console. If Dedicated Management is enabled, enter the IPv4 or IPv6 address configured on the eth2 interface.
     Note: If editing a server, the Management Interface field is only available after you have first disabled the managed DNS/DHCP Server. If you want to change the IP address of the Management interface (eth2), you must first re-configure the IP address of the Management interface using the DNS/DHCP Server Administration Console, disable the server in Address Manager, then edit the server with the new IP address.
   • Hostname—The host name used for the server on the network. For example, myhost.example.com
   • Upgrade to latest version—by default, this option is deselected. This provides a safe environment to add a DNS/DHCP Server in Address Manager without applying an unintentional software update. Select the check box only if you want to apply the latest version of DNS/DHCP Server software once the appliance is under Address Manager control.
     Note: BlueCat recommends upgrading the DNS/DHCP Server software only after first adding the server to Address Manager. Add the server without selecting the Upgrade to latest version check box. After the server has been added to Address Manager, upgrade the server software. For details, refer to Upgrading DNS/DHCP Server software.
   • Reset service on remote DNS/DHCP Server—by default, this option is deselected. This allows you to replace the DNS/DHCP Server while maintaining existing configurations for DNS, DHCP, and TFTP services. Select the check box only if you have modified the IPv4 or IPv6 addresses of the Service interface or want to reset configurations for DNS, DHCP, and TFTP services on the DNS/DHCP Server.
     Note: Resetting DNS/DHCP Server services will result in a service outage. This service outage will last until you have deployed services to the replacement system.

     Only reset DNS/DHCP Server services if you are replacing the DNS/DHCP Server with a new appliance of a different type or reconfiguring the IPv4 or IPv6 addresses of the Service interface on the appliance. BlueCat recommends that you schedule a maintenance window before performing a reset of DNS/DHCP Server services.

   • Password—enter the server password. You must enter a password in order to click the Detect Server Settings button. For more information on the default server password, refer to BlueCat default login credentials (you must be authenticated to view this topic).
6. Click Detect Server Settings. Address Manager will check the DNS/DHCP Server software version, interface count, state of Dedicated Management, IP address, and redundancy scenario (4-port appliances only).
7. OPTIONAL: Complete the following (available fields depend on the number of interfaces of your DNS/DHCP Server):
   • Services Interface—the following fields are automatically populated based on the current configuration set through the DNS/DHCP Server Administration Console.
     • Primary IPv4 Services Address and Netmask—read-only. This is the IPv4 address and netmask that will be used only for services traffic such as DNS, DHCP, DHCPv6 and TFTP (3 and 4-port appliances only).
     • Primary IPv6 Services Address and Subnet—read-only. Displays the IPv6 service address and subnet previously configured through the DNS/DHCP Server Administration Console.
   • xHA Backbone—select the check box if you want to configure the xHA interface and specify the IPv4 or IPv6 address and netmask/subnet to be used.
     Note: When configuring an IPv6 address for the xHA backbone, the prefix must be set between the accepted CIDR range of 64 to 127.
   • Enable Redundancy—select the check box to enable networking redundancy (4-port appliances only) or deselect to disable network redundancy. From the Scenario drop-down menu, select either Active/Backup or Active/Active (802.3ad).
     Note: You can't enable network redundancy from the Add Server page if any VLAN interfaces are present on the Service interface (eth0). If necessary, remove any configured VLAN interfaces using the DNS/DHCP Server Administration Console, then add the server to Address Manager and enable network redundancy. Once the server is under Address Manager control you can configure VLAN interfaces from the Address Manager user interface (Servers > Service Configuration > Interfaces).

     If you require VLAN Tagging with port bonding, you must first enable bonding then immediately configure VLAN interfaces.

   • Enable encrypted notifications—encryption of notifications is disabled by default. Select the check box to enable encrypted notifications between Address Manager and DNS/DHCP servers.
     Note:

     • The Enable encrypted notifications check box is available only for BDDS v9.4.0 or greater.
     • This check box only appears after detecting server settings.
     • The ability to toggle the notifications channel between encrypted/unencrypted will be removed in a future release of Address Manager; all communications related to notifications between Address Manager and DNS/DHCP Servers will be encrypted by default with no option to disable encryption.
     • Encrypted notification requires certain ports to be opened on the firewall, see Address Manager service ports for more information.
8. OPTIONAL: Under Monitoring Settings, select the following (only available if the DNS/DHCP Server Monitoring Service is enabled):
   • Using default monitoring setting [Enabled]—selected by default. Leave selected to use the DNS/DHCP Server monitoring settings configured for the configuration.
   • Override global monitoring setting—select to set custom monitoring settings for the server, then select Monitor this Server and configure the following SNMP Parameter settings:
     • Version—select the SNMP version for the monitored servers.
     • Port Number—indicates the SNMP port BAM uses to communicate with the monitored servers. The default port is 161. You can't change the port.
     • Community String—type the SNMP Community String used for authentication and click Add. The Community String appears in the list. You can add up to 100 Community Strings to the list. Strings are used in the order presented in the list. To remove a string, select it from the list and click Remove. To change the order of items in the list, select an item in the list and click Move up or Move down.
9. Under HSM Support, complete the following:
   • Select the check box, Enable HSM Support. The Add Server page refreshes to show your HSM configuration and a drop-down menu of HSM servers.
   • From the HSM Servers drop-down menu, select an HSM server and click Add. Repeat this step to add multiple HSM servers.
   • To re-order the hierarchy of the HSM servers in the list, select an HSM server and click Move Up or Move Down. The HSM server at the top of the order will be the Primary; HSM servers below the Primary will be the Secondary, Tertiary. Click Remove to delete an HSM server from the list.
10. Under Change Control, add comments, if required.
11. Click Replace.
12. Deploy the configuration to the replaced server to ensure proper operation of services.