hagroup synchronize

Synchronize an HA group or enable/disable key synchronization for key export applications.

Syntax

hagroup synchronize -group <label_or_serialnum> [-password <password>] [-enable | -disable]

Option Shortcut Description
-disable -d

Disable synchronization for this HA group. This option allows you to disable synchronization on HA groups that use HSMs configured for key export (KE) to wrap asymmetric private RSA keys. In this model, you create your symmetric wrapping keys, which are synchronized to each member of the HA group. After synchronizing the symmetric wrapping keys, you disable synchronization and begin creating your asymmetric RSA keys. If one of the HA members fails, the remaining members are still able to generate and wrap asymmetric private RSA keys using the synchronized symmetric wrapping key.

-enable -e Enable synchronization for this HA group. Synchronization is enabled by default. You require this setting only if you wish to re-enable synchronization on an HA group where synchronization was previously disabled. For example, to create and synchronize a new symmetric wrapping key.
-group <label_or_serialnum> -g Label or serial number for the HA group being synchronized.
-password <password> -p Password for the group.

Example

lunacm:> hagroup synchronize -group myHAgroup
 
        Enter the password: ********
 
        Synchronization completed.
 
Command Result : No Error
 
 
 
lunacm:> hagroup synchronize -group myHAgroup -disable
 
        HA synchronization disabled
 
        No synchronization performed/needed.
 
Command Result : No Error