Black Box ET0010A User Manual

EncrypTight Component Connections
EncrypTight User Guide
29
External ETKMS to ETKMS Connections
ETKMSs must be able to communicate with each other in two situations:
• Backup ETKMSs are used for redundancy
• Multiple ETKMSs share policy information and keys to distribute to the PEPs that they control
This section addresses the connections between two or more external ETKMSs. If you also use a local ETKMS, the basic principles discussed here still apply.
If the ETKMSs are on the same subnetwork, the ETKMS to ETKMS interconnection is straightforward. ETKMSs communicate with each other using the Ethernet ports on each ETKMS. For large, dispersed networks, multiple ETKMSs must be able to share keys with each other. The connections between ETKMSs depend on the network type: IP network or Ethernet network.
This section includes the following topics:
Connections for Backup ETKMSs
In some EncrypTight configurations a pair of ETKMSs, a primary ETKMS and a secondary ETKMS, are used to provide network redundancy. The ETPM distributes the policies to both the primary ETKMS and the backup ETKMS. Only the primary ETKMS distributes the keys and policies to the PEPs. If the backup ETKMS detects a communication failure with the primary ETKMS due to an ETKMS failure or a network failure, the backup ETKMS assumes the generation and distribution of the keys and policies to the PEPs. Once communication with the primary ETKMS is reestablished, the primary resumes the distribution of the keys and policies to the PEPs.
Backup ETKMSs should be external ETKMSs. Using a local ETKMS as a backup ETKMS is not recommended. If you use backup ETKMSs, the backup ETKMS must be able to check the status of the primary ETKMS so that it can take over operations in the event of a communication failure. It is recommended that you locate the backup ETKMS and the primary ETKMS together. The primary and backup ETKMSs communicate using the Ethernet ports on each ETKMS.
Also keep in mind the following:
• Both the primary ETKMS and the backup ETKMS must be able to communicate with the same PEPs.
• Each ETKMS can only use one backup ETKMS. Similarly, each backup ETKMS can only serve as a backup to one ETKMS.
• Backup ETKMSs must use the same type of IP address as the primary ETKMS. For example, if the primary uses an IPv6 address, the backup ETKMS must use an IPv6 address.
• You do not explicitly add backup ETKMSs to the Appliance Manager in ETEMS and they are not listed in that window. Instead, you specify a backup ETKMS when you add a primary ETKMS in ETEMS, and only the primary ETKMS is listed in the Appliance Manager.
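The pairing rules above (same IP address family, one backup per primary, both ETKMSs reaching the same PEPs) and the takeover-and-return behaviour of the backup are easy to get wrong in a large deployment, so the following Python models them as a configuration check and a simple status-timeout monitor. This is an added example, not code from the Black Box guide or from the EncrypTight product; the class and function names, the `Etkms` record layout, and the status-check timeout are assumptions made for illustration.

```python
"""Illustrative model of the ETKMS backup pairing rules and the backup takeover.
Added example: not EncrypTight's own code. Names and the timeout value are assumed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Etkms:
    name: str
    address: str                    # management IP of the ETKMS (IPv4 or IPv6)
    peps: frozenset                 # names of the PEPs this ETKMS can reach
    backup: Optional[str] = None    # name of the backup ETKMS, if one is configured


def ip_version(addr: str) -> int:
    """4 or 6; raises ValueError on a malformed address."""
    return ipaddress.ip_address(addr).version


def validate_pairings(servers) -> list:
    """Return a list of rule violations; an empty list means the pairings are consistent."""
    by_name = {s.name: s for s in servers}
    errors = []
    primaries_per_backup = {}
    for s in servers:
        if s.backup is None:
            continue
        b = by_name.get(s.backup)
        if b is None:
            errors.append(f"{s.name}: backup '{s.backup}' is not defined")
            continue
        # Rule: backup must use the same IP address type as its primary.
        pv, bv = ip_version(s.address), ip_version(b.address)
        if pv != bv:
            errors.append(f"{s.name}: primary is IPv{pv} but backup {b.name} is IPv{bv}")
        # Rule: both ETKMSs must be able to communicate with the same PEPs.
        unreachable = sorted(s.peps - b.peps)
        if unreachable:
            errors.append(f"{s.name}: backup {b.name} cannot reach PEP(s) {', '.join(unreachable)}")
        primaries_per_backup.setdefault(b.name, []).append(s.name)
    # Rule: a backup ETKMS may serve only one primary (one backup per ETKMS is enforced
    # by the single 'backup' field).
    for b, prim in primaries_per_backup.items():
        if len(prim) > 1:
            errors.append(f"{b}: configured as backup for more than one ETKMS ({', '.join(sorted(prim))})")
    return errors


class FailoverMonitor:
    """Decides which ETKMS distributes keys, based on the backup's status checks of the primary.
    The timeout is an assumed parameter; the guide does not state one."""

    def __init__(self, timeout_s: float):
        self.timeout_s = timeout_s
        self.last_primary_ok = None   # time of the last successful status check

    def primary_status_ok(self, now: float) -> None:
        self.last_primary_ok = now

    def distributor(self, now: float) -> str:
        """'primary' while the primary answers status checks, 'backup' after a timeout;
        the primary resumes automatically once a status check succeeds again."""
        if self.last_primary_ok is None or now - self.last_primary_ok > self.timeout_s:
            return "backup"
        return "primary"


if __name__ == "__main__":
    # Constructed sample: kms-a (IPv4) backed up by kms-b (IPv6) that reaches fewer PEPs.
    sample = [
        Etkms("kms-a", "10.0.0.5", frozenset({"pep1", "pep2"}), backup="kms-b"),
        Etkms("kms-b", "2001:db8::6", frozenset({"pep1"})),
    ]
    for problem in validate_pairings(sample):
        print("violation:", problem)
```

Run the validator against the intended configuration before deploying a backup ETKMS; each reported line maps to one of the rules listed above. The monitor's `distributor()` shows the handoff sequence the guide describes: the backup only takes over when status checks of the primary fail, and control returns to the primary as soon as a check succeeds again.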