Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
866
Views
5
Helpful
2
Replies

Device encrypted passwords in HA enabled

suvdeshm
Cisco Employee
Cisco Employee

‎08-29-2019 06:02 AM

Hello,

 

If there are 3 NSO nodes - master, slave 1 and slave 2, how do we set up the device encrypted passwords? I know the AES encryption key is to be kept the same on all three nodes. But does the password have to be set with HA enabled or it is ok to set them separately (HA disabled) on all 3 nodes and then enable HA? Will that work?

0 Helpful
2 Replies 2

ramkraja
Cisco Employee
Cisco Employee

‎08-29-2019 06:21 AM

If there are 3 NSO nodes - master, slave 1 and slave 2, how do we set up the device encrypted passwords? I know the AES encryption key is to be kept the same on all three nodes. But does the password have to be set with HA enabled or it is ok to set them separately (HA disabled) on all 3 nodes and then enable HA? Will that work?

What do you mean by "device encrypted passwords"? Are they config data stored in NSO's CDB? In that case, you should set them in the master node, and they will be replicated to the slave nodes.

The keys are the same in all nodes, but still, when encrypting a string, the initial vector will be randomly generated. So, you cannot assume that for a given plaintext string, the encrypted value calculated by different nodes (or even the same node at different times) will be the same.

/Ram

suvdeshm
Cisco Employee
Cisco Employee
In response to ramkraja

‎08-29-2019 06:47 AM

Thank you Ram for your reply. Yes the device encrypted passwords are config data stored in CDB. They are the authgroup passwords. 

0 Helpful
Customers Also Viewed These Support Documents