YubiHSM is a hardware security module developed by Yubico. It stores an encryption key for Advanced Authentication server instead of storing them on appliance locally.
To configure usage of the hardware security module, perform the following steps during configuration of Configuring Global Master Server:
Hold the YubiHSM touch area and connect the device to the server physically. Continue to hold the touch area for 3 seconds after the YubiHSM is connected to activate the configuration mode. The LED starts to flash when you have entered the configuration mode.
Click Create to create an encryption key using YubiHSM on the Create encryption key screen. After some seconds an encryption key will be created on the YubiHSM and a message is displayed in green: Key file has been created. In the Current key name you can see a YUBIHSM postfix.
Click Next.
IMPORTANT:If you use a YubiHSM on the DB Master server, on the DB Slave server you must use another YubiHSM. In such a scenario, installation of DB Slave server without a YubiHSM is not supported. There is no configuration to create an enterprise key during configuration of DB Slave server, the connected YubiHSM that is configured when the master's database is copied to the DB Slave server.