hagroup synchronize
Synchronize an HA group or enable/disable key synchronization for key export applications. This command is only required if you have declined to use auto-recovery with your HA group.
NOTE If you are using HSM Client 10.4.0 or newer and run this command to synchronize an HA group with a mix of FIPS and non-FIPS partitions as members, any non-FIPS keys will fail to replicate to the FIPS member(s). An error is returned when this occurs, but lunaCM synchronizes everything else.
Syntax
hagroup synchronize -group <label_or_serialnum> [-password <password>] [-enable | -disable]
Argument(s) | Shortcut | Description |
---|---|---|
-disable | -d | Disable synchronization for this HA group. This option allows you to disable synchronization on HA groups that use HSMs configured for key export (KE) to wrap asymmetric private RSA keys. In this model, you create your symmetric wrapping keys, which are synchronized to each member of the HA group. After synchronizing the symmetric wrapping keys, you disable synchronization and begin creating your asymmetric RSA keys. If one of the HA members fails, the remaining members are still able to generate and wrap asymmetric private RSA keys using the synchronized symmetric wrapping key. |
-enable | -e | Enable synchronization for this HA group. Synchronization is enabled by default. You need this option only to re-enable synchronization on an HA group where it was previously disabled, for example, to create and synchronize a new symmetric wrapping key. |
-group <label_or_serialnum> | -g | Label or serial number for the HA group being synchronized. |
-password <password> | -p | Password for the group. |
Example
lunacm:> hagroup synchronize -group myHAgroup
Enter the password: ********
Synchronization completed.
Command Result : No Error

lunacm:> hagroup synchronize -group myHAgroup -disable
HA synchronization disabled
No synchronization performed/needed.
Command Result : No Error
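
Because this command can return an error while still synchronizing everything else (see the NOTE above), automation around it should check every Command Result line rather than assume success. The following Python is an added example, not part of the original documentation or of lunaCM: it parses a captured session and tracks the last confirmed enable/disable state per HA group. The third sample command and its error text are constructed placeholders.

```python
import re
# Prompt and result-line formats are copied from the example session on this page.
PROMPT = re.compile(r"^lunacm:>\s*(.*)$")
RESULT = re.compile(r"^Command Result\s*:\s*(.*)$")
GROUP = re.compile(r"\s-(?:group|g)\s+(\S+)")

# Constructed sample: the first two commands are the page's example; the third
# is invented, and its error text is a placeholder, not real lunacm output.
SAMPLE = """\
lunacm:> hagroup synchronize -group myHAgroup
Enter the password: ********
Synchronization completed.
Command Result : No Error
lunacm:> hagroup synchronize -group myHAgroup -disable
HA synchronization disabled
No synchronization performed/needed.
Command Result : No Error
lunacm:> hagroup synchronize -g myHAgroup -enable
Command Result : <placeholder: error text not shown on this page>
"""

def parse_transcript(text):
    """Split a transcript into [command, result] pairs (result None if missing)."""
    records = []
    for line in map(str.strip, text.splitlines()):
        prompt, result = PROMPT.match(line), RESULT.match(line)
        if prompt:
            records.append([prompt.group(1), None])
        elif result and records:
            records[-1][1] = result.group(1).strip()
    return records

def sync_state(records):
    """Return ({group: 'enabled' | 'disabled'}, [commands that did not succeed])."""
    state, failed = {}, []
    for command, result in records:
        args = command.split()
        group = GROUP.search(command)
        if args[:2] != ["hagroup", "synchronize"] or not group:
            continue
        if result != "No Error":          # an error, or the session was cut off
            failed.append(command)
        elif "-disable" in args or "-d" in args:
            state[group.group(1)] = "disabled"
        elif "-enable" in args or "-e" in args:
            state[group.group(1)] = "enabled"
        else:
            state.setdefault(group.group(1), "enabled")  # default per this page
    return state, failed
```

A command with no result line is reported as failed, so a truncated log never counts as a confirmed state change.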