Enabling Additional Sites to Use the KM Server
You can enable advanced security in additional sites in your organization by configuring any server in the site. However, you should give careful consideration to how you configure advanced security when enabling additional KM servers in sites within your organization. Some configurations can result in the inability of users to recover their security key from the key management database.
Note: The Site Encryption Configuration object can detect whether a KM server has been installed in another site based on the existence of the CA object in the Configuration container for that site. The CA object is created when you install the KM server. Before configuring a Site Encryption Configuration object, verify that you can see the Configuration container for the other sites in your organization.
There are two scenarios that can occur when determining how to enable advanced security in additional sites:
- A KM server does not exist in the current site, and the Site Encryption Configuration object is not configured with a KM server (the KM Server box in the General property page of the Site Encryption Configuration object is blank).
  - When you choose Choose Site in the General property page on the Site Encryption Configuration object, all KM servers in the organization are listed in the Key Management Server dialog box.
- A KM server does not exist in the current site, but the Site Encryption Configuration object has been configured with a KM server and you want to configure the Site Encryption Configuration object to point to another KM server.
  - When you choose Choose Site in the General property page on the Site Encryption Configuration object, all KM servers in the organization are listed in the Key Management Server dialog box with the current KM server selected. If you select another KM server and choose OK, a message appears to warn you that security keys for existing users in your site may be unrecoverable if you configure the current site to use a different KM server.
Caution: Configuring existing users in your site to use a different KM server is not recommended because security keys may be unrecoverable.
Complete the following procedure to enable advanced security in additional sites.
- In the Administrator window, choose Configuration in the site where the KM server is located.
- Double-click Site Encryption Configuration.
- In the Key Management Server Passwords box, type the advanced security administrator password, and then choose OK (if prompted).
- Select the General tab.
- Choose Choose Site.
- Select a site to enable a KM server.
| Option | Description |
| --- | --- |
| Site name | Displays the name of the site where the KM server resides. |
| Server name | Displays the name of the KM server residing at a site in your organization. |