Software Based Key - Auto Startup
In this scheme, the master key is generated using a software crypto source and protected by ADSS Server. It is good practice to renew the key at regular intervals in order to ensure security. The user can also take backups of the master key, as explained later on this page.
To renew the master key, follow the instructions below:
Pre-requisites
There are some pre-requisites that must be taken care of before renewing the master key. These include:
- Take a backup of the database and <ADSS-INSTALLATION-DIR>\conf\adss_startup.properties.
- If other instances are running in load balance mode, make sure all instances are alive and connected so that the required information can be synchronized with the other instances after renewal of the master key.
- Increase the console session timeout to 15 or more minutes by going to Global Settings > Miscellaneous.
Once the pre-requisites are satisfied, we can carry on with our configurations. To renew the master key, navigate to the ADSS Console > Global Settings > System Security > Master Key Settings section. It will display the following screen:
In the above screen, the Master Key Type can be seen. If the user wants to receive alerts upon renewal or backup of the master key, it is recommended to enable the alerts by marking the respective checkbox. Clicking on the Renew Master Key button will lead you to the screen below:
Here, all the options will be displayed and the current option will appear as selected. The key can be renewed by using the same option or the user can switch to another option. The 'Software based key - Auto Startup' can be switched to:
- Software based key - M of N controls - Manual Startup (allowed)
- Software based key - Hardware based key - Manual Startup (allowed)
If the user has switched either to 'M of N controls - Manual Startup' or 'Hardware based key - Manual Startup', there are some steps that need to be performed after renewal. Click Here for more details.
If the user has switched to another option, they will have to provide the relevant information in the respective fields. Clicking on the Next button will lead to the following screen:
At this stage, the Master Key has been generated and a backup of the generated master key needs to be taken. Three users will be required to take the backup of each component. Clicking on the backup button will lead you to the following screen:
Click on the OK button to download the newly generated key to the file system. On completion, the following screen will be shown confirming the backup of all the components with a success message:
Clicking on the Next button will display the following screen:
Upon the renewal of the master key, the required information has to be synchronized with the other instances as well. The above screen shows the progress of synchronization of instances running in load balance mode. As soon as an instance is synchronized, a tick mark appears in the status column against that instance.
If the synchronization of information with any instance fails, a cross will appear in the status column against that instance. The user can retry the synchronization with the failed instance by clicking on the Retry button. An example of a failed instance is shown in the image below:
To find the reason for the failure, the user can check the <ADSS-INSTALLATION-DIR>\log\console\console.log file of ADSS Server and also the debug logs of the particular instance for which the failure has occurred. The issue can be resolved once the reason for the failure is known and the appropriate steps are taken. If the issue still persists and the user wants to conclude the renewal process, they can simply click on the Finish button. In this case the master key will be renewed, but the local information will not be synchronized with the failed instances, and they will appear on the System Security screen as pending instances, as shown in the screen below:
Here also, the user has the option to retry by clicking on the Retry button. If an instance is not recovered even after repeated retries and is no longer required, it can be deleted by navigating to ADSS Console > Server Manager. Restart all the instances, i.e. Core, Console and Service, in order for the changes to take effect.
Backup Master Key
The Backup Master Key option is only available for 'Software based key - Auto Startup', as in this case the Master Key is protected by ADSS itself. Clicking on the Backup Master Key button from the main screen will lead you to the following screen:
Similar to the renew process, three users will be required to take the backup of each component. Clicking on the backup button will lead you to the following screen:
Click on the OK button to download the newly generated key to the file system. On completion, the following screen will be shown confirming the backup of all the components with a success message:
See also
Software Based Key With M of N Controls - Manual Startup
Hardware Based Key - Manual Startup