Working with domain groups

You manage domain groups in the TKE main window. You can add, change, delete or view domain group definitions from this container. You can also check group overlap.

Figure 1. Main window - working with domain groups

The domain group concept allows you to perform operations on a set of crypto module domains as you would on a single crypto module domain. A domain group can include crypto modules from many hosts.

A domain group can contain domains on one or more crypto modules configured with CCA firmware, or it can contain domains on one or more crypto modules configured with EP11 firmware. A domain group cannot contain a mixture of CCA-configured and EP11-configured domains.

In general, you work with the domain group as if it were a single domain. For example, you will see only one New Master Key register. The values displayed for a domain group are the values of the master domain. You select the master domain when you create the domain group. Note also that the master crypto module of a domain group is the crypto module that contains the master domain.

For most operations, it is important that the crypto modules and domains within a domain group are in the same state. For example, the crypto modules should have identical roles and the domains should have the same master keys. You maintain this by always working on members of the domain group through the domain group interface, and not operating on the crypto modules individually.
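The same-state requirement, together with the rule against mixing CCA and EP11 domains, can be expressed as an audit over an inventory of group members. The following is an added example, not part of the TKE documentation or product: the record layout, the role names, the host and module identifiers and the mk_fingerprint field (a stand-in for "same master keys") are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Domain:
    host: str            # host that owns the crypto module (constructed)
    module: str          # crypto module identifier (constructed)
    index: int           # domain index on that module
    mode: str            # firmware configuration: "CCA" or "EP11"
    roles: frozenset     # role names defined on the crypto module
    mk_fingerprint: str  # hypothetical stand-in for the domain's master keys

def audit_group(members, master):
    """Compare every member with the master domain.

    Returns a list of (location, finding) tuples; an empty list means the
    group is consistent with the rules described in the text.
    """
    if master not in members:
        raise ValueError("master domain must be a member of the group")
    findings = []
    modes = sorted({d.mode for d in members})
    if len(modes) > 1:
        # A group may hold CCA domains or EP11 domains, never both.
        findings.append(("group", "mixes " + " and ".join(modes) + " domains"))
    for d in members:
        if d == master:
            continue
        where = f"{d.host}/{d.module}/{d.index}"
        if d.roles != master.roles:
            # Symmetric difference: roles missing on either side.
            diff = sorted(d.roles ^ master.roles)
            findings.append((where, f"roles differ from master: {diff}"))
        if d.mk_fingerprint != master.mk_fingerprint:
            findings.append((where, "master key differs from master domain"))
    return findings

# Constructed sample inventory: two members have drifted from the master.
ROLES = frozenset({"KEYADMIN", "AUDITOR"})
MASTER = Domain("HOSTA", "C00", 1, "CCA", ROLES, "a1b2")
GROUP = [
    MASTER,
    Domain("HOSTA", "C01", 1, "CCA", ROLES, "a1b2"),
    Domain("HOSTB", "C00", 1, "CCA", ROLES - {"AUDITOR"}, "a1b2"),
    Domain("HOSTB", "C01", 1, "CCA", ROLES, "ffff"),
]

if __name__ == "__main__":
    for where, finding in audit_group(GROUP, MASTER):
        print(f"{where}: {finding}")
```

Members reported here are the ones that were most likely changed individually rather than through the domain group interface.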

When TKE performs a domain group operation that is not successful, two new groups are created. One domain group contains the successfully updated crypto module domains and one domain group contains the crypto module domains where the update failed. This allows you to operate on the crypto module domains of the failed group until the update is successful. You may then delete the two new domain groups as you wish.

To work with a domain group, either double-click or click with the right mouse button on one of the domain groups defined in the Domain Groups container. You will be prompted to log on to the hosts associated with the crypto module members of the domain group.

When you open the crypto modules of a domain group, a crypto module notebook is displayed.

When loading operational key parts using a CCA domain group, only the master domain is changed even if there are other domains in the domain group.