Adding a KeyControl Node to a Cluster using an nShield HSM client

After you have configured a single node cluster for the nShield HSM, you can quickly add a new KeyControl node. All members of the KeyControl cluster must be added as clients of the nShield HSM server(s).

1. Use the webGUI to join the new node to your existing cluster that is configured with nShield HSM.

   For complete instructions, see Joining or Re-joining a KeyControl Cluster.

2. After the process is finished, log in to the new cluster node using the webGUI.
3. In the System Settings section, click HSM Server Settings.

4. On the HSM Server Settings tab, select nShield HSM.

   You should see the nShield HSM Server Settings page with all of the settings imported from the original cluster node.

5. Click the Client List tab to view the cluster nodes.
6. Copy the KeyControl IP address and the keyhash of the node that you just added, and paste them in a text window.

7. Use the IP address and keyhash to authenticate KeyControl on nShield. Please see your nShield documentation.

   Important: For KeyControl clusters, you will need to authenticate the IP address and keyhash for each KeyControl cluster node, and authenticate each node to each HSM.

8. Return to the nShield HSM Server Settings page for the new cluster node.
9. Click the Locate Admin Key button to ensure that the new node is now fully connected to nShield HSM.