Configure Key Transfer Partners
Each cluster must configure the other cluster as a partner before transferring keys.
Both partners must complete the following steps to configure the other cluster as a
partner:
Create and Send a Key Transfer Public Key
OKM signs key transfer files with the key transfer public key. Provide partners with the key transfer public key, so they can import key transfer files.
Available to: Security Officer
- In the left navigation tree, expand System Management, and then select Key Transfer Public Key List.
- Click Create...
- Provide the new key to all existing transfer partners:
- Select a Public Key in the list, and then click Details...
- Send this information to other cluster's administrator. Cut and paste the Public Key ID and Public Key into an e-mail or other agreed-upon form of communication. The exact communication method should be sufficiently secure.
Create the Transfer Partner
The administrator of the receiving cluster must enter the public key information provided by the partner cluster.
These procedures use the key information sent in Create and Send a Key Transfer Public Key.
Available to: Security Officer (requires a quorum)
Assign Key Groups to a Transfer Partner
The administrator must assign key groups for the transfer partner.
This process accomplishes the same result as Assign a Transfer Partner to a Key Group.
Available to: Compliance Officer, Operator (can view-only)
- In the left navigation area, expand Transfer Partners, and then select Key Group Assignment to Transfer Partners.
- Select a Transfer Partner in the "Transfer Partner" column.
- Move key groups between the "Allowed Key Groups" or the "Disalowed Key Group" column. To move, highlight the key group, and then click < or > to allow or disallow access.