Product Documentation

The question arises: if DACTool only edits and views an encryption domain's information, how does one add a new encryption domain to SAKA? A business may have many reasons for creating a new domain. Some of the reasons are:

  • To address a new regulation requiring different policies for encryption and/or key management

  • To serve a different department—such as Human Resources for encrypting Social Security Numbers or pension-related financial data

  • To serve a different subsidiary's compliance requirements

  • To separate the encryption and storage of credit card numbers based on card issuer

SAKA is capable of hosting as many encryption domains as the physical capacity of the machine permits. So, how does one create a new domain?

The process of creating a new domain, while fairly simple, has one important prerequisite: the unique EC cryptographic keys of the new domain must be securely migrated from the Primary SAKA server to the Secondary under the protection of the Migration and Storage Key (MASK). This process is essential to ensure that encryption keys and data of the new domain are available on the Secondary server in the event of a disaster affecting the Primary server.

While a new encryption domain can be created on any node of the cluster, we recommend performing this task on the Primary.