2 Replies Latest reply: Jan 25, 2012 5:07 AM by Dmitri Voronov RSS

    Vault management

    Dmitri Voronov Novice

      Hi all,

       

      the server/host level is currently not managable over e.g. DMR.

      It would make sence to have such a possibility e.g. for refreshing the vault's state by reloading keys from ENC and shared.dat

        • 1. Re: Vault management
          Anil Saldhana Master

          At this time, the vault contents are not distributed automatically. I had a chat with the AS7 architects at the time of the vault and the distribution of vault automatically across a domain was not accepted.

           

          The idea is that within a domain, the vault has to be copied over by the administrator to each machine to bring in the homegeneous nature.

           

          If the vault exists when a node comes up, it does read the vault state.

           

          I understand about what you are asking - to refresh the vault on a running instance.

          • 2. Re: Vault management
            Dmitri Voronov Novice

            It would be a very useful feature.

             

            Generally I'm trying to find/recongise a way for using the vault in a domain environment with multiple hosts, server groups using different profiles and belonging to different owners/tenants.

            Should they all use the same keystore?

            What if the tenants want to use different keystores/vault?

            Wouldn't it be better to place the vault to profile of a certain tenant? I think yes, because at the moment all profile depend on a single server/host vault.

            And many other questions regarding vault - domain - profile(s) - server group(s).