3.3 Configuring First Server

After installing the Advanced Authentication Server appliance, you must configure the mode in which the appliance runs. The first server is the Global Master/Server Registrar. This is the server with the master database. DB Master, DB Servers, and Web Servers are connected to the master database.

To configure the first server, perform the following steps:

  1. Ensure that the Advanced Authentication Server appliance is installed.

  2. Open the Advanced Authentication Configuration Wizard for the server: https://<server_host_name> (the URL is displayed after you install Advanced Authentication Server).

  3. On the first Server Mode screen of the Configuration Wizard, select New Cluster and click Next.

  4. On the DNS hostname screen, specify the server DNS hostname in My DNS hostname and click Next.

    NOTE: You must specify a DNS hostname instead of an IP address because the appliance does not support changing the IP address.

  5. On the Password screen, specify a password for the LOCAL\admin account, confirm it, and click Next.

    NOTE: If you need to use a Hardware Security Module from Yubico, perform steps 1 to 5 and then follow the steps in the section Configuring YubiHSM. Skip steps 6 to 8 in this section.

  6. On the Create encryption key screen, click Create to generate an encryption key file.

  7. Switch Enable FIPS 140-2 to ON if you need to comply with FIPS 140-2 encryption.

  8. Click Next and wait for 60 seconds while the server restarts.

3.3.1 Configuring YubiHSM

YubiHSM is a hardware security module developed by Yubico. It lets you store the encryption key for Advanced Authentication Server on the device instead of storing it locally on the appliance.

To configure the hardware security module, perform the following steps while configuring the first server (see Configuring First Server):

  1. Hold the YubiHSM touch area and physically connect the device to the server. Once the YubiHSM is connected, continue to hold the touch area for 3 seconds to activate the configuration mode. The LED starts to flash when the device has entered the configuration mode.

  2. On the Create encryption key screen, click Create to create an encryption key with the YubiHSM. Within a few seconds, the encryption key is created on the YubiHSM and a message is displayed in green: Key file has been created. The Current key name shows a YUBIHSM suffix.

  3. Switch Enable FIPS 140-2 to ON if you need to comply with FIPS 140-2 encryption.

  4. Click Next and wait for 60 seconds while the server restarts.

    IMPORTANT: If you use a YubiHSM on the DB Master server, you must use another YubiHSM on the DB Slave server. In this case, installing the DB Slave server without a YubiHSM is not supported. There is no step to create an enterprise key during configuration of the DB Slave server; the connected YubiHSM is configured while the master's database is copied to the DB Slave server.