
Domain

The Replication Domain is the logical set of HSMs that make up a pool of nodes operating with active replication. To belong to a Replication Domain, the HSMs must use the same Server Master Key and be in the same operating mode.

Info

All nodes in the pool must run the same firmware version. Running different versions is not recommended without prior consultation with the HSM manufacturer or distributor.

New Domain

To start creating a Domain, choose one of the HSMs in the pool. The first HSM keeps its database; from the second HSM onwards, the database of each HSM joining the pool is overwritten with the data from the HSMs already in the pool, which by definition hold identical data (they are replicas). The HSM service must be running.

Each HSM can belong to only one Domain at a time, and several Domains can coexist seamlessly on the same network segment, as long as the above conditions are met.

In the 1st HSM, choose the Domain option, select the New / Del button and press ENTER. A Neighborhood Scan is then carried out looking for existing Domains; the HSM always performs this scan, even for the 1st node, since there is no prior distinction between an HSM starting a new Domain and one joining an existing Domain. For the 1st HSM no existing Domain should be found, so the operator must create a new one: select the New button and enter a name for the Domain. The name is textual and freely chosen by the operator (alphanumeric characters are accepted, without spaces, and it is case sensitive). Once the Domain has been created, the system asks whether the current HSM should join the newly created Domain. If the Join is confirmed, the process is complete; if the answer is negative, the newly created Domain is removed, since there is no Replication Domain without member nodes.

Initial screen for setting up the Replication Domain in the 1st HSM

Neighborhood scanning for Replication Domains

Creation of a new Replication Domain in the 1st HSM

On the 2nd HSM, as in the previous step, choose the Domain option, select the New / Del button and press ENTER. A Neighborhood Scan is then performed looking for existing Domains; if IP multicast is enabled on the network segment where the 1st and 2nd HSMs are located, this scan finds the announcement of the Domain already created on the 1st HSM and lists it. In this case, all the operator has to do is choose the Join option. The system then asks for double confirmation to reset the 2nd HSM's database and overwrite it with the 1st HSM's database. If the operator confirms the operation and authenticates correctly, at the end of the process both HSMs have Replication configured, their databases synchronized, and are ready to operate as replicas. Adding the 2nd HSM sends a signal to the 1st HSM, so all pre-existing nodes automatically update their node lists to include the incoming node.

In the 3rd HSM and subsequent HSMs, the process is exactly the same as in the 2nd HSM.

Result of the neighborhood scan in the 2nd HSM

Database overwrite warning and confirmation

Automatic discovery of nodes for base synchronization

Domain configuration completed at 2nd HSM

Adding Nodes Manually

In environments where it is not possible to use the SLP protocol with IP multicast for automatic discovery (auto-discovery) of the nodes in the Domain, the addition of nodes must be done manually. The SLP protocol is only used for auto-discovery; it is not necessary for routine replication operations.

The creation of the Domain in the 1st HSM for environments without IP multicast is done in exactly the same way as described above. In the 2nd HSM, after selecting the New / Del button, the Neighborhood Scan is performed, but the Domain created on the 1st HSM will not be found. The operator must then use the New button and create a new Domain, preferably with the same name used in the 1st HSM.

Info

The Domain name is an administrative convenience for grouping related nodes. What effectively defines the operation of replication is firstly whether the conditions mentioned above are met (same Server Master Key and operating mode), and secondly whether the nodes are in the HSM replication list, either by automatic or manual entry.

Continuing with the 2nd HSM, the operator must go to the Node List option in the Replication menu and manually add the IP address of the 1st HSM. Next, the operator must synchronize the databases, i.e. make the database of the 2nd HSM a replica of the 1st; to do this, use the Database Live Sync option in the Replication menu. We recommend that you then use the Test option on the 1st HSM. Before carrying out any operation involving replication (creating keys or users, for example), check that the keys are synchronized by consulting and comparing the value displayed in the Sync Point option of the Replication menu; it must be the same on both devices. On the 3rd and subsequent HSMs, the procedure is the same as for the 2nd HSM.

Adding a Domain node IP address manually

List of nodes with manually added address

When the nodes of the Replication Domain are configured manually, it is advisable to monitor the first replicated operations to make sure that all the steps have been followed and that every HSM in the pool is replicating with all the others.

Removing a node

An operational and active node can be removed from the Domain via the Local Console asymmetrically, or via the Remote Console using the Node Down option.

The two procedures differ in how the remaining nodes are informed of the node's exit, so that they can update their node lists.

  1. Stop the service of the node to be removed;
  2. In the Domains configuration, where the Domain to which the node belongs appears, select the New / Del button and confirm the removal; nodes that were entered automatically in the Node List are also removed automatically, while nodes with manual entries must be removed manually;
  3. Depending on whether you are operating locally or remotely:
     a. If you are using the Remote Console, open a session on any of the remaining nodes and, in the Replication menu, Notify Node Down option, enter the option corresponding to the IP address of the outgoing node. The Termination Protocol (TP) is triggered and the Node Down notification is transmitted to all the nodes in the pool so that they can update their lists.
     b. If you are using the Local Console, on each of the nodes that are part of the Domain use the Discover button in the Node List option of the Replication menu, if the SLP protocol with IP multicast can be used; if it cannot, remove the IP address of the outgoing node with the Del button on the same Node List screen.

Danger

Nodes entered via manual addition will only be removed via manual removal by the operator.
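The following Python model ties together the membership rules stated on this page: the join conditions (same Server Master Key and operating mode, with mixed firmware only discouraged), the Sync Point check after a manual add, and the asymmetry between automatic and manual Node List entries on Node Down. It is an added illustration, not the HSM's own software or API; the class and method names (Node, Domain, join, live_sync, notify_node_down) and every sample value (IP addresses, SMK and firmware labels, sync points) are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Hypothetical model of the replication membership rules described on this
# page. Not the HSM's own code: all names and sample values are constructed.


@dataclass
class Node:
    ip: str
    smk_id: str                  # which Server Master Key is loaded (constructed label)
    mode: str                    # operating mode (constructed label)
    firmware: str                # firmware version (constructed label)
    sync_point: str = "empty"    # what the Sync Point screen would show
    # Replication node list: peer IP -> "auto" (found by SLP scan) or "manual"
    node_list: Dict[str, str] = field(default_factory=dict)


class Domain:
    def __init__(self, name: str, first: Node):
        self.name = name
        # The 1st HSM keeps its database and acts as the reference replica.
        self.nodes: Dict[str, Node] = {first.ip: first}

    def _reference(self) -> Node:
        return next(iter(self.nodes.values()))

    def blockers(self, candidate: Node) -> List[str]:
        """Hard conditions for joining: same SMK and same operating mode."""
        ref = self._reference()
        out = []
        if candidate.smk_id != ref.smk_id:
            out.append("different Server Master Key")
        if candidate.mode != ref.mode:
            out.append("different operating mode")
        return out

    def firmware_warning(self, candidate: Node) -> bool:
        """Mixed firmware does not block the join, but the page advises against it."""
        return candidate.firmware != self._reference().firmware

    def join(self, candidate: Node, multicast: bool) -> None:
        problems = self.blockers(candidate)
        if problems:
            raise ValueError("; ".join(problems))
        kind = "auto" if multicast else "manual"
        for peer in self.nodes.values():
            peer.node_list[candidate.ip] = kind
            candidate.node_list[peer.ip] = kind
        self.nodes[candidate.ip] = candidate
        if multicast:
            # Join via Neighborhood Scan overwrites the database at once.
            self.live_sync(candidate.ip)
        # Manual add: the operator must still run Database Live Sync.

    def live_sync(self, ip: str) -> None:
        """Database Live Sync: make the node a replica of the reference."""
        self.nodes[ip].sync_point = self._reference().sync_point

    def sync_points_consistent(self) -> bool:
        """The Sync Point check: every node must display the same value."""
        return len({n.sync_point for n in self.nodes.values()}) == 1

    def notify_node_down(self, ip: str) -> None:
        """Node Down via Termination Protocol: auto entries go, manual ones stay."""
        self.nodes.pop(ip, None)
        for peer in self.nodes.values():
            if peer.node_list.get(ip) == "auto":
                del peer.node_list[ip]

    def stale_manual_entries(self) -> Dict[str, List[str]]:
        """Manual entries that still point at IPs no longer in the Domain."""
        stale = {}
        for peer in self.nodes.values():
            left = [p for p, k in peer.node_list.items()
                    if k == "manual" and p not in self.nodes]
            if left:
                stale[peer.ip] = left
        return stale


def demo() -> dict:
    # Constructed sample pool: three HSMs with the same SMK and mode.
    a = Node("10.0.0.1", "smk-A", "mode-1", "fw-1", sync_point="sp-1042")
    b = Node("10.0.0.2", "smk-A", "mode-1", "fw-1")
    c = Node("10.0.0.3", "smk-A", "mode-1", "fw-1")
    dom = Domain("Prod", a)
    dom.join(b, multicast=True)        # found by Neighborhood Scan
    dom.join(c, multicast=False)       # no multicast: IP added by hand
    before_sync = dom.sync_points_consistent()   # False until Live Sync
    dom.live_sync(c.ip)
    after_sync = dom.sync_points_consistent()    # True
    dom.notify_node_down(b.ip)         # auto entries for b are cleaned up
    dom.notify_node_down(c.ip)         # manual entry for c lingers on a
    return {"before_sync": before_sync, "after_sync": after_sync,
            "stale": dom.stale_manual_entries()}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two operator checks this page calls for: the Sync Point values disagree until Database Live Sync is run on the manually added node, and after the Node Down notifications the remaining node still carries a manual entry for the departed 10.0.0.3, which is exactly the entry the Danger note says must be deleted by hand.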