Managing DSM Domains
This section describes how to manage DSM domains on CCKM.
Before proceeding, make sure to fulfill prerequisites.
Adding DSM Domains
To add a DSM domain to CCKM:
Log on to the CipherTrust Manager GUI as administrator.
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > DSM Domains. The DSM Domains page is displayed.
Click Add Domain. The Add Existing Domain page is displayed.
From the Connection drop-down list, select the desired connection to the DSM.
From the Domain drop-down list, select the desired DSM domain. The drop-down list shows existing domains of the DSM linked to the selected connection.
Tip
Select multiple DSM domains to add them at once.
Click Add.
The DSM domain is added to CCKM.
A message Domain added successfully... is displayed on the screen.
Refreshing DSM Keys
Refreshing is the process of downloading keys created on the DSM domains to CCKM. Refresh can be achieved using any of the following ways:
Refreshing Specific Domains
To refresh a specific domain:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > DSM Domains. The DSM Domains page is displayed. This page displays the list of DSM domains.
Click the overflow icon () corresponding to the desired DSM domain and click Refresh Now.
A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.
After successful refresh, the refreshed keys are listed on the Cloud Keys > DSM > DSM Keys page. Refer to Viewing DSM Keys for details.
Refreshing All Domains
To refresh all DSM domains:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > DSM Domains. The DSM Domains page is displayed. This page displays the list of DSM domains.
Click Refresh All. The "This may take a while..." message is displayed.
Note
Refreshing all DSM domains is a time intensive operation that could take several hours or days to complete. It will continue running in the background.
Click Refresh All to continue.
A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.
The refreshed keys are listed on the Cloud Keys > DSM > DSM Keys page. Refer to Viewing DSM Keys for details.
Viewing/Editing Details of DSM Domains
The DSM Domains page shows the list of existing DSM domains. Search for domains by Domain Name or Connection.
Viewing DSM Domains Details
To view the details of DSM domains:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > DSM Domains. The DSM Domains page displays the following details.
Column Description Domain Name Name of the DSM domain. Click the link to view more details about the domain. Connection Name of the DSM connection. Admin Type Type of the DSM administrator linked with the domain. The type can be:
• SYSTEM_ADMIN
• DOMAIN_ADMIN
• SECURITY_ADMIN
• SECURITY_AND_DOMAIN_ADMIN
• ALL_ADMINLast Refreshed When the domain was last refreshed. Never
is displayed for domains that are never refreshed.Created At When the domain was created.
Click the Customize View () icon, select the desired option, and click OK to display the column.
Modifying DSM Domain Details
To modify the details of a DSM domain:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > DSM Domains. The DSM Domains page displays the list of added DSM domains.
Click the overflow icon () corresponding to the desired DSM domain and click View/Edit Details.
You can change the DSM connection and its description, and modify user/group permissions on the DSM domain. For details, refer to:
Changing the DSM Connection
To add permission for a user/group:
Expand GENERAL INFO.
From the Connection drop-down list, select the desired DSM connection.
Click Update.
A message Updated connection for this domain is displayed on the screen.
Managing User Permissions on DSM Domains
To work with DSM, users/groups must have the minimum set of permissions that allow them to use the DSM resources such as DSM keys and domains. Initially, the user only has permission to view the keys. However, if required, the CCKM administrator can grant and revoke permissions.
Note
Only the users who are member of the CCKM Users group will be granted permissions to perform operations on the DSM domain.
To add permission for a user/group:
Expand ACCESS CONTROL.
In the ACCESS CONTROL section, click Assign User/Group. The Assign User/Group screen is displayed.
From the User/Group drop-down list, select the user or group to be assigned permissions.
Click Save.
The newly added user/group is displayed under Name in the ACCESS CONTROL section.
CCKM allows the following operations on the DSM domains:
View Keys, Add Key, Edit Key, Delete Key
Refresh Domain
Remove
Granting Permission to Perform an Operation
To grant permissions to the user or group to perform any of the above mentioned operations:
Select the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A message Updated access control for this domain is displayed on the screen.
Removing a Permission
To remove a permission assigned to a user or group:
Clear the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A message Updated access control for this domain is displayed on the screen.
Removing Permission from a User/Group
To remove current permissions assigned to the user/group:
Under Remove, click the X button corresponding to the desired user/group. The Remove User / Remove Group screen is displayed.
Click Remove.
Note
Removing this user/group will remove all permissions currently assigned to the user/group. Are you sure you want to continue?
Click Remove.
A message Updated access control for this key domain is displayed on the screen.
Deleting DSM Domains
To delete a DSM domain:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > DSM Domains. The DSM Domains page displays the list of added DSM domains.
Click the overflow icon () corresponding to the desired DSM domain and click Delete. The Delete DSM Domain screen is displayed.
Warning
The deleted domain's keys will no longer be available on the DSM Keys page, but the keys will still exist on the DSM. If you later add this domain with the same ID, the keys will be available again.
Select I wish to delete this domain.
Click Delete Domain.
A message Domain deleted successfully is displayed on the screen.