During the SAKA domain creation process, a key called the Encryption Domain Key (EDK) is created. While everything else specific to a domain is automatically replicated, this key must be manually migrated to each appliance in the cluster before that appliance can encrypt and decrypt records in the domain. This key migration is ordinarily handled by the new domain creation process for all nodes in the cluster. There are, however, some cases where an EDK must be migrated after the domain creation process has taken place.
One such scenario is when a new appliance is being added to the cluster. During this process, the EDKs from each of the existing domains must be migrated to the TPM in the new appliance. Another potential scenario is when the motherboard is replaced on an existing appliance in the cluster; in this case, the appliance will lose its TPM and the EDKs will need to be re-migrated to this appliance.
The new domain process uses a streamlined EDK migration wizard that works only for the TPMs that exist at the time of the domain creation. When an EDK must be migrated after the domain has already been created, the migration is performed with the Key Migration (KM) Tool. KMTool is designed to take an EDK from any appliance and migrate it to another appliance in the cluster. KMTool uses a process similar to the wizards and provides the same degree of security and control over the key migration process.