11 Quorum Operations

Key Split Quorum Authentication

The Key Split Quorum Authentication dialog will appear for actions that require a quorum. The change to the OKM cluster only occurs after you provide a sufficient quorum of Key Split Credentials (not when you click Save).

If you do not provide a sufficient quorum in the Key Split Quorum Authentication dialog box, two different outcomes can occur depending on the replication version:

Replication Version    Result
10 or lower            The operation fails and no information is updated in the OKM cluster.
11 or higher           The operation becomes pending. That is, the system adds the operation to a list of pending quorum operations (see "View Pending Operations"). A popup message appears when the operation is added to this list.

No information is updated in the OKM cluster until users with the Quorum Member role (Quorum Member users) log in and provide a sufficient quorum.


View the Key Split Configuration

Available to:
Security Officer

Procedures:
In the left navigation menu, expand Security, then expand Core Security, and then select Key Split Configuration.

Modify the Key Split Configuration

Available to:
Security Officer

Procedures: 

  1. In the left navigation menu, expand Security, then expand Core Security, and then select Key Split Configuration. Click Modify...

  2. Complete the following:

    • Key Split Number — The number of key splits. The maximum is 10.

    • Threshold Number — The number of users that are necessary to authenticate a quorum.

    • Split User (1-10) — The user names of the existing split. For each Split User, complete its associated Passphrase and Confirm Passphrase fields.

  3. Click Save.

  4. Setting new credentials requires the existing quorum. In the Key Split Quorum Authentication dialog, the members of the existing quorum must type their user names and passphrases to authenticate the operation. See "Key Split Quorum Authentication" for more information.

    Note:

    The Core Security Key material is re-wrapped using the updated Key Split credentials.

  5. Create a new Core Security backup (see "Create a Core Security Backup").

    IMPORTANT:

    Destroy all old Core Security backup files to ensure that the previous Key Split Credentials cannot be used to destroy a backup.

View Pending Operations

Available to:
Quorum Member
Security Officer

Procedures:
From the Secure Information Management menu, select the Pending Quorum Operation List.

To view details, select an operation, and then click Details...

To get more information about this particular pending quorum operation, you can filter audit events displayed in the Audit Event List panel (see "View and Export Audit Logs").

  1. Navigate to the Audit Event List panel.

  2. Define a filter with the Operation filter set to Add Pending Quorum Operation. If you have several pending quorum operations, you may want to define another filter with Created Date specifying a time period around the Submitted Date of this particular pending quorum operation.

  3. Click the Use button to display those audit events that match this filter. The Message Values field of the filtered audit event should contain more information about the pending quorum operation.

Approve Pending Quorum Operations

Other users who have the Quorum Member role can also log in separately and approve a pending quorum operation. When a sufficient quorum of Key Split Credentials approves the pending quorum operation, then the OKM cluster performs the operation. Pending quorum operations expire when not enough key split users approve an operation within the Pending Operation Credentials Lifetime.

Available to:
Quorum Member

Procedures: 

  1. From the Secure Information Management menu, select the Pending Quorum Operation List.

  2. Click Approve Pending Operation.

  3. Enter the quorum user names and passphrases to authenticate the operation.

    If you do not immediately provide a sufficient quorum of Key Split Credentials, the system adds the operation to a list of pending quorum operations.
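
The following Python model is an added illustration of the quorum behaviour described in this chapter (failure on replication version 10 or lower, pending operations on 11 or higher, approvals accumulating across separate logins, and expiry); it is not Oracle or OKM code. The class and method names are hypothetical, and two details are assumptions the text does not state: valid credentials entered at submission carry over into the pending operation, and the lifetime is counted from submission.

```python
from dataclasses import dataclass, field

@dataclass
class PendingOperation:
    name: str
    submitted_at: float                  # seconds on a constructed clock
    approvals: set = field(default_factory=set)
    state: str = "pending"               # pending | performed | expired

class QuorumModel:  # toy model of the quorum rules on this page; not OKM code
    def __init__(self, split_users, threshold, replication_version, lifetime):
        if not 1 <= threshold <= len(split_users) <= 10:  # page: at most 10 key splits
            raise ValueError("need 1 <= threshold <= key splits <= 10")
        self.split_users = dict(split_users)  # name -> passphrase, clear text for the model only
        self.threshold = threshold
        self.replication_version = replication_version
        self.lifetime = lifetime  # stands in for Pending Operation Credentials Lifetime
        self.pending = []

    def _valid(self, credentials):
        return {u for u, p in credentials.items() if self.split_users.get(u) == p}

    def submit(self, name, credentials, now):
        valid = self._valid(credentials)
        if len(valid) >= self.threshold:
            return "performed"
        if self.replication_version <= 10:
            return "failed"               # nothing is updated in the cluster
        op = PendingOperation(name, now, valid)  # assumption: partial approvals carry over
        self.pending.append(op)
        return op

    def approve(self, op, credentials, now):
        if op.state == "pending" and now - op.submitted_at > self.lifetime:
            op.state = "expired"          # assumption: lifetime counts from submission
        if op.state == "pending":
            op.approvals |= self._valid(credentials)
            if len(op.approvals) >= self.threshold:
                op.state = "performed"
        return op.state

def demo():
    users = {"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"}  # constructed
    v10 = QuorumModel(users, 2, replication_version=10, lifetime=3600)
    v11 = QuorumModel(users, 2, replication_version=11, lifetime=3600)
    first = v11.submit("op-1", {"alice": "pw-a"}, now=0)
    late = v11.submit("op-2", {"alice": "pw-a"}, now=0)
    return (v10.submit("op-1", {"alice": "pw-a"}, now=0),
            v11.approve(first, {"bob": "pw-b"}, now=600),
            v11.approve(late, {"carol": "pw-c"}, now=7200))
```

Because approvals are held in a set, the same split user approving twice does not count twice toward the threshold.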

Delete Pending Quorum Operations

Available to:
Security Officer

Procedures: 

  1. From the Secure Information Management menu, select the Pending Quorum Operation List.

  2. Highlight a pending operation, and then click Delete.

  3. Click Yes to confirm.