4.1 Configuring YubiHSM

YubiHSM is a hardware security module developed by Yubico. It allows you to store the encryption key for the Advanced Authentication server on the device instead of storing it locally on the appliance.

To use the hardware security module, follow these steps during the procedure described in Configuring Global Master Server:

  1. Hold the YubiHSM touch area and physically connect the device to the server. After the YubiHSM is connected, continue to hold the touch area for 3 seconds to activate configuration mode. The LED starts to flash when the device has entered configuration mode.

  2. On the Create encryption key screen, click Create to create an encryption key with the YubiHSM. Within a few seconds, an encryption key is created on the YubiHSM and a message is displayed in green: Key file has been created. In Current key name, you can see a YUBIHSM postfix.

  3. Switch Enable FIPS 140-2 to ON if you need to comply with FIPS 140-2 encryption.

  4. Click Next and wait for 60 seconds while the server restarts.

    IMPORTANT: If you use a YubiHSM on the DB Master server, you must use another YubiHSM on the DB Slave server. In such a scenario, installing the DB Slave server without a YubiHSM is not supported. There is no step to create an enterprise key during configuration of the DB Slave server; the connected YubiHSM is configured when the master's database is copied to the DB Slave server.