Create an Agent

Create an agent to allow it to access the cluster.

Available to: Operator
  1. From the Agents menu, select Agent List. Click Create...
  2. On the General tab, complete the following:
    • Agent ID — Uniquely identifies the agent (between 1 and 64 characters).

      Note:

      Agent IDs cannot be changed once created. If you replace the agent, you can reuse the name. However, passphrases can only be used once. You will need to give the agent a new passphrase.
    • Description — Describes the agent (can be between 1 and 64 characters).
    • Site ID (optional) — Select a site from the drop-down list.
    • One Time Passphrase (checkbox) — If selected, the agent cannot retrieve its X.509 certificate without resetting its passphrase and re-enrolling with its agent ID and new passphrase. This is the default.

      If unselected, then the agent can retrieve its X.509 certificate at any time, use CA and certificate services, and successfully authenticate through its agent ID and passphrase.

      Tape drive agents should specify the default value. PKCS#11-type agents will find the unselected setting more convenient, especially in cluster configurations where users may authenticate to the OKM from multiple nodes.

    • Default Key Group ID — If you also have Compliance Officer privileges, click the down-arrow and highlight the default key group. You should define a default key group so that this agent can use keys in this key group to encrypt and decrypt data. See Assign Key Groups to an Agent for instructions on how to enable this agent to use keys in other key groups to decrypt data (read only).
  3. On the Passphrase tab, enter a passphrase. For requirements, see Passphrase Requirements.
  4. Click Save.
  5. Complete the agent-specific enrollment procedure using the agent-specific interface. For example, for StorageTek drives, you must use the VOP (Virtual Operator Panel) to complete the enrollment procedure.