Domain
The Replication Domain is the logical set of HSMs that make up a pool of nodes operating with active replication. To belong to a Replication Domain, the HSMs must use the same Server Master Key and be in the same operating mode.
Info
All nodes in the pool must run the same firmware version. Running different versions is not recommended without prior consultation with the HSM manufacturer or distributor.
New Domain
To start creating a Domain, choose one of the HSMs in the pool. The first HSM has its database preserved; for the second and every subsequent HSM that joins the pool, the database will be overwritten with data from the HSMs already in the pool, which by definition must be the same (they are replicas). The HSM service must be running.
Each HSM can belong to only one Domain at a time, and several Domains can coexist seamlessly on the same network segment, as long as the above conditions are met.
In the 1st HSM, choose the Domain option, select the New / Del button and press Enter. This scan (Neighborhood Scan) is always carried out by the HSM, even in the case of the 1st node; in principle there is no distinction between whether the HSM is starting a new Domain or joining an existing one. In the case of the 1st HSM, no existing Domains should be found, so the operator must create a new one; to do this, the operator selects the New button and then enters a name for the Domain, which is textual and freely chosen by the operator (alphanumeric characters are accepted, without spaces, and case sensitive). Once the Domain has been created, the system asks whether the current HSM should join the newly created Domain; if the Join is confirmed, the process is complete; if the answer is negative, the newly created Domain will be removed, as there is no Replication Domain without component nodes.
Dinamo - Local Management Console
┌─────────────┤ Domain ├─────────────┐
│ │
│ │
│ │
│ │
│ │
│ │
│ ┌─────────┐ ┌─────────┐ │
│ │ New │ │ Close │ │
│ └─────────┘ └─────────┘ │
│ │
└────────────────────────────────────┘
Service stopped Replication Domain: <none>
Dinamo - Local Management Console
┌───────────┤ Neighborhood Scan ├───────────┐
│ │
│ │
│ Please, wait... │
│ 56% │
│ │
│ │
│ │
└─────────────────────────────────────────────┘
Service stopped Replication Domain: <none>
Dinamo - Local Management Console
┌─────────────┤ Domain ├─────────────┐
│ │
│ │
│ │
│ │
│ │
│ │
│ ┌─────────┐ ┌─────────┐ │
│ │ New │ │ Close │ │
│ └─────────┘ └─────────┘ │
│ │
└────────────────────────────────────┘
Service stopped Replication Domain: <none>
In the 2nd HSM, as in the previous step, choose the Domain option, select the New / Del button and press Enter. If IP multicast is enabled on the network segment where the 2nd and 1st HSMs are located, this scan will find the announcement of the Domain already created on the 1st HSM and list it. In this case, all the operator has to do is choose the Join option. The system will then ask for double confirmation to reset the 2nd HSM's database and overwrite it with the 1st HSM's database. If the operator confirms the operation and authenticates correctly, at the end of the process the HSMs will have the Replication operation configured, the databases synchronized and ready to operate replicating. The process of adding the 2nd HSM sends a sensitization signal to the 1st HSM, so all pre-existing nodes automatically update their node lists to include the incoming node.
In the 3rd HSM and subsequent HSMs, the process is exactly the same as in the 2nd HSM.
Dinamo - Local Management Console
┌───────────┤ Found Domains ├────────────┐
│production │
│ │
│ │
│ │
│ │
│ │
│ │
│ │
│ │
│ ┌───────┐ ┌───────┐ ┌────────┐ │
│ │ Close │ │ New │ │ Join │ │
│ └───────┘ └───────┘ └────────┘ │
│ │
└────────────────────────────────────────┘
Service running... Replication Domain: <none>
Dinamo - Local Management Console
┌─────────────────┤ Database Live Sync ├──────────────────┐
│ │
│ IMPORTANT NOTE │
│ │
│ In order to continue, the HSM database │
│ will be fully overwritten. │
│ │
│ Are you sure you want to proceed? │
│ │
│ ┌────┐ ┌─────┐ │
│ │ No │ │ Yes │ │
│ └────┘ └─────┘ │
│ │
│ │
└─────────────────────────────────────────────────────────┘
Service running... Replication Domain: <none>
Dinamo - Local Management Console
┌─────────────┤ Domain ├─────────────┐
│ │
┌─────────────┤ Discovering Peers ├─────────────┐
│ │
│ Please, wait.. │
│ 83% │
│ │
│ │
└───────────────────────────────────────────────┘
Service running... Replication Domain: <none>
Dinamo - Local Management Console
┌─────────────┤ Domain ├─────────────┐
│ │
│ │
│ production │
│ │
│ │
│ │
│ ┌─────────┐ ┌─────────┐ │
│ │ Del │ │ Close │ │
│ └─────────┘ └─────────┘ │
│ │
└────────────────────────────────────┘
Service running... Replication Domain: production
Adding Nodes Manually
In environments where it is not possible to use the SLP protocol with IP multicast for automatic discovery (auto-discovery) of the nodes in the Domain, the addition of nodes must be done manually. The SLP protocol is only used for auto-discovery; it is not necessary for routine replication operations.
The creation of the Domain in the 1st HSM for environments without IP multicast is done in exactly the same way as described above. In the 2nd HSM, after selecting the New / Del button, the scan (Neighborhood Scan) will be made, but the Domain created will not be found. The operator must then use the New button and create a new Domain, preferably with the same name as on the 1st HSM.
Info
The Domain name is an administrative convenience for grouping related nodes. What effectively defines the operation of replication is firstly whether the conditions mentioned above are met (same Server Master Key and operating mode), and secondly whether the nodes are in the HSM replication list, either by automatic or manual entry.
Continuing with the 2nd HSM, the operator must go to the Node List option in the Replication menu and manually add the IP of the 1st HSM. Next, the operator must synchronize the databases, i.e. make the database of the 2nd HSM a replica of the 1st; to do this, use the Database Live Sync option in the Replication menu. We recommend that you then use the Test option on the 1st HSM. Before carrying out any operation involving replication (creating keys or users, for example), check that the keys are synchronized by consulting and comparing the value displayed in the Sync Point option in the Replication menu; it should be the same on both devices. On the 3rd and subsequent HSMs, the procedure is the same as for the 2nd HSM.
Dinamo - Local Management Console
┌─────────────────────┤ Node List ├──────────────────────┐
│ │
│ ┌────────────────────────────────────────────────────┐ │
│ │ ↑ │ │
│ │ ░ │ │
│ │ ▒ │ │
│ ┌────────────────┤ Enter new node: ├─────────────────┐ │
│ │ │ │
│ │ │ │
│ │ {ip} │ │
│ │ 172.17.0.2___________________________________ │ │
│ │ │ │
│ │ ┌────┐ │ │
│ │ │ OK │ │ │
│ │ └────┘ │ │
│ │ │ │
│ └────────────────────────────────────────────────────┘ │
│ │
│ │
└────────────────────────────────────────────────────────┘
Service running... Replication Domain: <none>
Dinamo - Local Management Console
┌─────────────────────┤ Node List ├──────────────────────┐
│ │
│ ┌────────────────────────────────────────────────────┐ │
│ │ M 172.17.0.2 ↑ │ │
│ │ ░ │ │
│ │ ▒ │ │
│ │ ▒ │ │
│ │ ▒ │ │
│ │ ▒ │ │
│ │ ▒ │ │
│ │ ↓ │ │
│ └────────────────────────────────────────────────────┘ │
│ │
│ A - Auto Discovered M - Manual Entry │
│ │
│ ┌──────────┐ ┌──────┐ ┌───────┐ ┌───────┐ ┌───────┐ │
│ │ Discover │ │ Test │ │ Add │ │ Del │ │ Close │ │
│ └──────────┘ └──────┘ └───────┘ └───────┘ └───────┘ │
│ │
└────────────────────────────────────────────────────────┘
Service running... Replication Domain: <list>
When the configuration of the nodes in the Replication Domain is done manually, it is advisable to monitor the first replicated operations to make sure that all the steps have been followed and that every HSM in the pool is replicating with all the others.
Node Removal
An operational and active node can be removed from the Domain via the Local Console asymmetrically or via the Remote Console using Node Down.
The procedure between the two differs in the way the remaining nodes are updated about the node's exit, so that they can update their node lists.
- Stop the service of the node to be removed;
- In the Domains configuration, where the Domain to which the node belongs appears, select the New / Del button and confirm the removal; nodes that have been automatically entered in the Node List will also be removed automatically, while nodes with manual entries must be removed manually.
- Depending on whether you are operating locally or remotely:
  - If you are using the Remote Console, open a session via the Remote Console on any of the remaining nodes and, in the Notify Node Down option of the Replication menu, enter the option corresponding to the IP address of the outgoing node. The Termination Protocol (TP) will be triggered and the Node Down notification will be transmitted to all the nodes in the pool so that they can update their lists.
  - If you are using the Local Console, on each of the nodes that are part of the Domain use the Discover button in the Node List option of the Replication menu, if it is possible to use the SLP protocol with IP multicast; if not, remove the IP of the outgoing node with the Del button on the same Node List screen.
Danger
Nodes entered via manual addition will only be removed via manual removal by the operator.
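The checks described above for manually configured pools and for node removal can be run against values an operator has transcribed from each console. The following is an added example, not part of the original documentation or of any vendor tooling: the `audit_pool` function, the dictionary layout, and all firmware, mode and Sync Point strings are assumptions constructed for illustration.

```python
# Added example: audit operator-recorded pool state (all sample values constructed).

def audit_pool(nodes, removed=()):
    """nodes: {ip: {"firmware", "mode", "sync_point", "node_list": {peer_ip: "A" or "M"}}}
    removed: IPs of nodes that have left the Domain.
    Returns a sorted list of findings; an empty list means the records are consistent."""
    findings = []
    # Every member must report the same firmware, operating mode and Sync Point.
    for field in ("firmware", "mode", "sync_point"):
        groups = {}
        for ip, n in nodes.items():
            groups.setdefault(n[field], []).append(ip)
        if len(groups) > 1:
            detail = "; ".join(f"{v} on {', '.join(sorted(ips))}"
                               for v, ips in sorted(groups.items()))
            findings.append(f"{field} differs: {detail}")
    for ip, n in nodes.items():
        peers = n["node_list"]
        # Each node must list every other member, or it will not replicate with it.
        for other in nodes:
            if other != ip and other not in peers:
                findings.append(f"{ip}: Node List is missing {other}")
        # Entries for removed nodes are stale; manual (M) ones never clear themselves.
        for peer, origin in peers.items():
            if peer in removed:
                fix = "delete with Del" if origin == "M" else "rerun Discover"
                findings.append(f"{ip}: stale entry {peer} ({origin}), {fix}")
    return sorted(findings)

# Constructed records: A = auto-discovered, M = manual entry, as in the Node List legend.
SAMPLE = {
    "172.17.0.2": {"firmware": "fw-1", "mode": "mode-1", "sync_point": "SP-AAAA",
                   "node_list": {"172.17.0.3": "M", "172.17.0.4": "M", "172.17.0.5": "M"}},
    "172.17.0.3": {"firmware": "fw-1", "mode": "mode-1", "sync_point": "SP-AAAA",
                   "node_list": {"172.17.0.2": "M"}},
    "172.17.0.4": {"firmware": "fw-1", "mode": "mode-1", "sync_point": "SP-BBBB",
                   "node_list": {"172.17.0.2": "A", "172.17.0.3": "A", "172.17.0.5": "A"}},
}
REMOVED = {"172.17.0.5"}  # constructed: a node that has already left the Domain

if __name__ == "__main__":
    for line in audit_pool(SAMPLE, REMOVED):
        print(line)
```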