08-29-2019 06:02 AM
Hello,
If there are 3 NSO nodes - master, slave 1 and slave 2, how do we set up the device encrypted passwords? I know the AES encryption key is to be kept the same on all three nodes. But does the password have to be set with HA enabled or it is ok to set them separately (HA disabled) on all 3 nodes and then enable HA? Will that work?
08-29-2019 06:21 AM
If there are 3 NSO nodes - master, slave 1 and slave 2, how do we set up the device encrypted passwords? I know the AES encryption key is to be kept the same on all three nodes. But does the password have to be set with HA enabled or it is ok to set them separately (HA disabled) on all 3 nodes and then enable HA? Will that work?
What do you mean by "device encrypted passwords"? Are they config data stored in NSO's CDB? In that case, you should set them in the master node, and they will be replicated to the slave nodes.
The keys are the same in all nodes, but still, when encrypting a string, the initial vector will be randomly generated. So, you cannot assume that for a given plaintext string, the encrypted value calculated by different nodes (or even the same node at different times) will be the same.
/Ram
08-29-2019 06:47 AM
Thank you Ram for your reply. Yes the device encrypted passwords are config data stored in CDB. They are the authgroup passwords.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide