How do I distribute global key chains to NEs?

Purpose

Perform the following procedure to distribute one or more global TCP key chains to one or more NEs. When you distribute a global key chain, a local key chain using the Sync With Global distribution mode allows the NE to receive the key chain.

CAUTION 

CAUTION

Service Disruption

Releasing, distributing, or deleting a TCP keychain or TCP key can be service-affecting.

Ensure that you understand the implications of these operations before you proceed.

Steps
 

Choose Administration→Security→TCP KeyChains from the NFM-P main menu. The TCP KeyChains form opens.

Verify that none of the key chains in the list that you want to distribute are in Draft configuration mode and go to Step 4 . Otherwise go to Step 3 .
WARNING 

WARNING

Equipment Damage

Verify the local definitions before releasing a global key chain.

When you release a global key chain, the key chain is distributed to existing local definitions.

When a key chain is in Draft configuration mode, the Distribute button is disabled and the key chain cannot be distributed to an NE. You must first release the key chain for distribution.

To release a key chain:

  1. Select the key chain entry and click Properties. The Key Chain (Edit) form opens.

  2. Click Switch Mode to acknowledge the Configuration Mode change. The Release form opens.

  3. Select the required NEs for release by moving the appropriate row entries from the Available Objects panel to the Selected Objects panel.

    See the policy management chapter in the NSP NFM-P User Guide for more information on policy distribution.

  4. Click on the Distribute button to release the key chain locally to devices.

  5. Click Close. The Release form closes and the configuration mode of the key chain is changed to Released.

  6. Close the Key Chain (Edit) form.

To distribute a key chain:

Note: Local definitions of key chains that use the Local Edit Only distribution mode do not allow their NEs to receive the distribution of a global key chain. You must set the distribution mode of a local key chain to Sync With Global if you need the associated NE to receive the distribution of a global key chain.

  1. Select one or more key chains and click Distribute. The Distribute - KeyChain form opens.

  2. Select the required NEs by moving the appropriate row entries from the Available Objects panel to the Selected Objects panel.

  3. Click Distribute. The NFM-P distributes the key chains to the NEs.

  4. Close the Distribute - KeyChain form. The TCP KeyChains form reappears.

To configure the distribution mode of a local definition:

  1. Click Switch Distribution Mode. The Switch Distribution Mode form opens.

  2. Choose Sync With Global, Local Edit Only, or All from the drop-down menu. Only the sites that are configured with the selected distribution mode are listed.

  3. Choose one or more entries in the Available Local Policies panel and click on the right arrow. The chosen entries move to the Selected Local Policies panel.

  4. Depending on the current distribution mode of the chosen entries, perform one of the following:

    • Click Sync With Global.

    • Click Local Edit Only.

    The distribution mode of the selected entries changes accordingly.

  5. Close the Distribution Mode form.

Close the TCP KeyChains form.

End of steps