All cryptographic services performed by the SAKA servers are organized by SAKA encryption domains (SED). An SED is a logical entity that has a unique identifier, a name, its own key management policies, keys, users, and data. SAKA can host as many SEDs as the machine's physical capacity permits (it can theoretically manage (264‒1) encryption domains—but practically, most appliances will have just a few encryption domains on them—service providers that perform payment services, etc. may have a few hundred or even thousands of domains—one per customer).
When SAKA is newly installed, there is only one SED created on the machine as part of the installation process. This SED has a domain identifier (DID) value of 1. Most sites are likely to have just this one SED on the machine, and as such, the default values in the DA Preferences panel and the Domains panel are appropriate.
Click the Domains icon or Domains → View Domain on the menu. The following displays:
The Retrieve an encryption domain's information panel displays two fields—neither of which are modifiable—and two buttons:
Currently connected to SAKA |
The URL of the SAKA server to which DACTool is currently connected. This field remains blank if there is no current connection. |
Retrieve Encryption Domain |
The unique identifier of the encryption domain to which DACTool is currently connected. This field remains blank if there is no current connection. |
Cancel |
Cancels the operation and return you to the Home panel. |
Retrieve |
Retrieves information about the encryption domain and provides an opportunity to view and edit information about it. |
If the fields on this panel are not blank, upon selecting the Retrieve button, after a few seconds, a panel like the following is displayed (your domain information will differ):
NOTE: The blue buttons at left are used to dynamically restart the replication services which normally would require a full application restart to accomplish. Replication services consist of several ports and threads; this includes the Acknowledger thread (for receiving replication acknowledgment messages), the BackLog Proccessor (for re-sending old/stale replication objects if they are not acknowledged after a certain period after the replication record was created), the Publisher (for broadcasting replication messages the first time after they are created), and the Subscriber (for listening for incoming replication messages). Restart Replication restarts all the above-mentioned sub services at once. |
View or make adjustments to the fields, which are defined here:
Currently connected to SAKA |
The URL of the SAKA instance to which DACTool is currently connected. |
Domain identifier |
The unique identifier of the encryption domain to which DACTool is currently connected. This value can never be modified. |
Domain's name |
The “friendly” name of the encryption domain. This name can only be established when the domain is first created and never modified. |
Domain's current status |
The current status of this encryption domain:
Domain status can be modified by business and security policies. |
TPM UUID of encryption key |
For SAKA servers using the TPM cryptographic module, this field displays the universally unique identifier of the key object representing the EC encryption keys of this domain. This key object encrypts all symmetric encryption keys of this encryption domain. This value can never be modified. |
TPM UUID of signing key |
For SAKAs that use the TPM cryptographic module, this field will display the universally unique identifier of the key object that represents the EC signing keys of this domain. This key is used to digitally sign the digital certificates of the Domain Administrators of this domain. This value can never be modified. |
Notes (if any) |
User-defined comments with a maximum length of 512 alphanumeric characters. |
Cancel |
Cancels the operation and returns to the Home panel. |
Reset |
Resets all values to those retrieved from the database, as long as modifications since then have not been saved. Once saved, the saved values will become the new originals. |
Save |
This button is disabled by default, but if any modifiable values are changed on the screen, the button becomes enabled. Selecting it saves modified values to the database. |
Click Save if any changes were made.