
How to Configure Encryption Keys in Multiple NPS Server Environments

Overview

This article covers the steps to configure encryption keys in environments with multiple Netwrix Privilege Secure (NPS) servers. Apply these steps when setting up high availability (HA) in your environment. Refer to the following article for additional information on establishing active/passive HA with PostgreSQL backend: How to Use NPS.HaMgr.exe.

Instructions

NOTE: The following steps apply to SbPAM v3.6, v3.7, and higher and to NPS v4.0 and higher.

Refer to the following steps to verify that NPS encryption keys are configured on all NPS servers:

IMPORTANT: For the following steps, if the application was installed to a dedicated drive, change the drive letter from X to the appropriate letter.

  1. Install NPS on the primary and secondary servers. Apply your license file to both NPS instances. Refer to the following article for additional information on applying a license: Apply a New License.

  2. On your primary server, run the following lines in an elevated Command Prompt:

         cd /d "X:\Program Files\Stealthbits\PAM\KeyTools"
         .\SbPAM.RotateKey.exe export -n keys.exp

  3. Command Prompt prompts for a password that protects the NPS encryption keys. Take note of the password; you will need it later.

  4. Copy the exported file to the following path on the secondary server:

         X:\Program Files\Stealthbits\PAM\KeyTools

  5. On your secondary server, run the following lines in an elevated Command Prompt:

         cd /d "X:\Program Files\Stealthbits\PAM\KeyTools"
         .\SbPAM.RotateKey.exe import -n keys.exp

  6. Enter the password when prompted.

  7. Delete the exported keys file and any saved passwords from both servers.
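
The copy and cleanup steps above can be checked with a short PowerShell script run from an elevated session on the primary server. This is an added example, not Netwrix code: the host names are hypothetical, and reaching the KeyTools folder through each server's administrative drive share is an assumption about your environment.

```powershell
# Added example (not part of the Netwrix article or product).
# Assumptions: host names below are hypothetical; administrative shares (X$)
# are reachable with the current credentials. keys.exp and the KeyTools path
# come from the article.
$Drive     = 'X'              # change to the install drive, as in the article
$Primary   = 'NPS-PRIMARY'    # hypothetical host name
$Secondary = 'NPS-SECONDARY'  # hypothetical host name

function Get-KeyExportPath([string]$Server) {
    # UNC path to keys.exp in the KeyTools folder on the given server
    '\\{0}\{1}$\Program Files\Stealthbits\PAM\KeyTools\keys.exp' -f $Server, $Drive
}

function Copy-KeyExport {
    # Copy step: copy the export, then confirm both copies are byte-identical
    $src = Get-KeyExportPath $Primary
    $dst = Get-KeyExportPath $Secondary
    Copy-Item -LiteralPath $src -Destination $dst -ErrorAction Stop
    $srcHash = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) {
        throw "keys.exp differs between $Primary and $Secondary; do not import."
    }
    "Copied keys.exp to $Secondary (SHA-256 matches)."
}

function Remove-KeyExport {
    # Final step: delete the export on both servers and confirm it is gone
    foreach ($server in $Primary, $Secondary) {
        $path = Get-KeyExportPath $server
        if (Test-Path -LiteralPath $path) {
            Remove-Item -LiteralPath $path -Force -ErrorAction Stop
        }
        if (Test-Path -LiteralPath $path) {
            throw "keys.exp is still present on $server."
        }
        "keys.exp removed from $server."
    }
}
```

Run `Copy-KeyExport` after the export, perform the import on the secondary server as described, then run `Remove-KeyExport`. The script does not handle the export password, so any saved copy of it must still be removed separately.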