The Policy Server supports manual and periodic rollover of shared secrets for trusted hosts.
Periodic rollovers can be configured hourly, daily, weekly, or monthly; one hour is the shortest allowable period between rollovers. The Policy Server initiates periodic rollovers based on the age of the shared secret for each trusted host, rather than at a specific time of the day, week, or month. Because each shared secret is rolled over as it expires, the processing associated with the rollover is distributed over time, which avoids placing a heavy processing load on the Policy Server.
If you use the manual rollover feature, future periodic rollovers will generally be clustered together for all trusted hosts, since the manual rollover sets new shared secrets for all trusted hosts that allow shared secret rollover.
Important! If you enable key generation on more than one Policy Server associated with a single policy store, the same shared secret can be rolled over more than once in a short period of time due to object store propagation delays. This can result in orphaned hosts whose new shared secrets have been discarded. To avoid this potential problem, enable shared secret rollover for a single Policy Server per policy store.
To configure shared secret rollover for trusted hosts
The Shared Secret Rollover pane opens.
Rollover Frequency: Enter an integer for the number of times a rollover should occur. This number works together with the value of the rollover period.
Rollover Period: From the pull-down list, select Hours, Days, Weeks or Months for the occurrence of the rollover.
The Policy Server begins the process of rolling over shared secrets for all trusted hosts configured to allow shared secret rollover. The rollover may take some time depending on the number of trusted hosts in your deployment.
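The following is an added example, not CA's code, that models the behaviour described above: the rollover interval formed from the Rollover Frequency and Rollover Period fields (with the one-hour minimum), age-based scheduling that spreads periodic rollovers across hosts, the way a manual rollover aligns every eligible host's next expiry, and a configuration check for the "one key-generating Policy Server per policy store" rule. The host names, timestamps and store names are constructed; treating a month as 30 days is an assumption of this model.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hours per Rollover Period unit. "Months" is approximated as 30 days here;
# that approximation is an assumption of this example, not the product's rule.
PERIOD_HOURS = {"Hours": 1, "Days": 24, "Weeks": 7 * 24, "Months": 30 * 24}


def rollover_interval(frequency: int, period: str) -> timedelta:
    """Combine Rollover Frequency and Rollover Period into the interval between rollovers."""
    if period not in PERIOD_HOURS:
        raise ValueError(f"rollover period must be one of {sorted(PERIOD_HOURS)}")
    if not isinstance(frequency, int) or frequency < 1:
        raise ValueError("rollover frequency must be a positive integer")
    hours = frequency * PERIOD_HOURS[period]
    if hours < 1:  # one hour is the shortest allowable period
        raise ValueError("rollover interval must be at least one hour")
    return timedelta(hours=hours)


def config_is_valid(frequency, period) -> bool:
    """True if the two fields form an allowable rollover interval."""
    try:
        rollover_interval(frequency, period)
        return True
    except ValueError:
        return False


@dataclass
class TrustedHost:
    name: str
    secret_set_at: datetime      # when the host's current shared secret was issued
    allow_rollover: bool = True  # host-level "allow shared secret rollover" setting


def next_rollover_times(hosts, interval):
    """Age-based schedule: each secret expires `interval` after it was issued."""
    return {h.name: h.secret_set_at + interval for h in hosts if h.allow_rollover}


def periodic_rollover(hosts, interval, now):
    """Roll over only the secrets that have reached their age limit; return their names."""
    rolled = []
    for h in hosts:
        if h.allow_rollover and now - h.secret_set_at >= interval:
            h.secret_set_at = now
            rolled.append(h.name)
    return rolled


def manual_rollover(hosts, now):
    """Reissue every eligible host's secret at once, which aligns their future expiry."""
    rolled = []
    for h in hosts:
        if h.allow_rollover:
            h.secret_set_at = now
            rolled.append(h.name)
    return rolled


def stores_with_multiple_keygen_servers(servers):
    """Flag policy stores where more than one Policy Server has key generation enabled.

    `servers` is an iterable of (policy_store_name, key_generation_enabled) pairs.
    """
    count = {}
    for store, keygen_enabled in servers:
        if keygen_enabled:
            count[store] = count.get(store, 0) + 1
    return sorted(store for store, n in count.items() if n > 1)


def demo():
    """Constructed scenario: three hosts with staggered secrets and one host that opts out."""
    t0 = datetime(2024, 1, 1, 0, 0)
    interval = rollover_interval(1, "Days")
    hosts = [
        TrustedHost("web01", t0),
        TrustedHost("web02", t0 + timedelta(hours=8)),
        TrustedHost("web03", t0 + timedelta(hours=16)),
        TrustedHost("legacy", t0, allow_rollover=False),
    ]
    # Age-based scheduling: the three eligible hosts expire at three different times.
    spread = len(set(next_rollover_times(hosts, interval).values()))
    # At t0 + 24h only web01 has reached its age limit, so only it is rolled over.
    first_due = periodic_rollover(hosts, interval, t0 + timedelta(hours=24))
    # A manual rollover reissues every eligible secret now, so all future
    # periodic rollovers for those hosts cluster at the same moment.
    manual_rollover(hosts, t0 + timedelta(hours=30))
    clustered = len(set(next_rollover_times(hosts, interval).values()))
    return spread, first_due, clustered


if __name__ == "__main__":
    print(demo())
    print(stores_with_multiple_keygen_servers(
        [("storeA", True), ("storeA", True), ("storeB", True), ("storeB", False)]))
```

Running `demo()` shows the two scheduling behaviours side by side: before the manual rollover the eligible hosts' next rollovers fall at three distinct times, and after it they fall at one. The store check is the kind of configuration lint worth running across a multi-server deployment before enabling rollover.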
Copyright © 2010 CA. All rights reserved.