Policy Server Guides › Policy Server Administration Guide › Configuring and Managing Encryption Keys › Key Management Overview

Key Management Overview

To keep key information updated across large deployments, the Policy Server provides an automated key rollover mechanism. You can update keys automatically for Policy Server installations that share the same key store. Automating key changes also ensures the integrity of the keys. For SiteMinder Agents that are configured for single sign-on, the key store must be replicated and shared across all SiteMinder environments in the single sign-on environment.

If the Policy Server determines that a key store that was configured separately from the policy store is unavailable, it attempts to reconnect to the key store to determine if it has come back online. If the connection fails, the Policy Server:

• Goes in to a suspended state and refuses any new requests on established connections until the key store comes back online.

  A Policy Server in a suspended state remains up for the length of time specified in SuspendTimeout, at which point the Policy Server shuts down gracefully. If SuspendTimeout is equal to zero, the Policy Server remains in the suspended state until the key store connection is reestablished.

• Returns an error status to let Web Agents failover to another Policy Server.
• Logs the appropriate error messages.

Additionally, when the Policy Server is started and the key store is unavailable, the Policy Server shuts down gracefully.

You manage keys using the SiteMinder Key Management dialog box in the FSS Administrative UI.