KeySafe5 Agent Requirements

Beginning with 10.5.1, you can use KeySafe5 for your nShield HSMs using the Cryptographic Security Platform Vault Management webGUI and Cryptographic Security Platform Compliance Manager webGUI. KeySafe5 contains an agent that runs on HSM clients and a GUI that allows remote management of setup and configuration tasks, provides visibility into the status of your nShield Security World, and allows real-time and historical monitoring.

To use KeySafe5 GUI, you must have the following: 

• An nShield HSM must be enabled.

• Your Cryptographic Security Platform Vault Management webGUI must be connected as an Appliance Cluster in the Cryptographic Security Platform Compliance Manager webGUI.

• Anytime your Cryptographic Security Platform Compliance Manager is disconnected and reconnected, you will need to disable and re-enable the KeySafe5 agent in the Cryptographic Security Platform Vault Management webGUI.

• The KeySafe5 agent only runs on the primary node of the cluster.

• When you view the KeySafe5 GUI, the agent appears with the hostname of the cluster primary node. Even if you delete the primary node, the KeySafe5 agent name remains the same in the KeySafe5 GUI.

• After you enable the agent in the Cryptographic Security Platform Vault Management webGUI, it may take up to 15 minutes for the data to sync to the KeySafe5 GUI.

• After enabling the agent in the Cryptographic Security Platform Vault Management webGUI, you will need to log in to the Cryptographic Security Platform Compliance Manager webGUI, navigate to Data Sources, launch the KeySafe5 GUI, and perform the "reveal metadata" operation before your HSM keys will appear in the Cryptographic Security Platform Compliance Manager.