[SERVER-28011] Support multiple KMIP hosts in the --kmipServerName parameter Created: 14/Feb/17  Updated: 10/Jun/20  Resolved: 03/Sep/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 4.2.1, 4.3.1, 4.0.14

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Adam Cooper (Inactive)
Resolution: Done Votes: 6
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
is depended on by DOCS-13621 Note that --kmipServerName can take m... Closed
Documented
is documented by DOCS-13242 Document that kmipServerName now acce... Closed
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.2, v4.0, v3.6, v3.4, v3.2
Sprint: Security 2019-08-26, Security 2019-09-09
Participants:
Case:

 Description   

Some KMIP appliances appear to use an internal replication system to ensure keys are distributed across multiple physical servers. Instead of backing a single hostname with multiple machines through a High Availability infrastructure, they seem to be relying on clients to perform some operation analogous to our Server Discovery and Monitoring to find a working server with the data they're requesting.

We need to be able to specify multiple hostnames to kmipServerName to enable our client to fallback to backup KMIP servers if it encounters network errors.



 Comments   
Comment by Andrew Feierabend (Inactive) [ 10/Jun/20 ]

For the curious, stumbling on this ticket in the future: yes, all KMIP servers specified to --kmipServerName or security.kmip.serverName must use the same port: 5696 by default, or the port specified to kmipPort. It is not possible presently to specify different ports to different KMIP servers.

Comment by Githook User [ 02/Oct/19 ]

Author:

{'name': 'Adam Cooper', 'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com'}

Message: SERVER-28011 Support multiple KMIP hosts in the --kmipServerName parameter

(cherry picked from commit 3f36c8438fe410f2bb31d805ff8c8e4ea1421d49)
Branch: v4.0
https://github.com/10gen/mongo-enterprise-modules/commit/aa94e5d6a08b1a63fef65935717626506c6a85b1

Comment by Githook User [ 24/Sep/19 ]

Author:

{'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com', 'name': 'Adam Cooper'}

Message: SERVER-28011 Support multiple KMIP hosts in the --kmipServerName parameter

(cherry picked from commit 3f36c8438fe410f2bb31d805ff8c8e4ea1421d49)
Branch: v4.2
https://github.com/10gen/mongo-enterprise-modules/commit/109b3a828f8ee0ec9ef727eb8045e39d3a8837e5

Comment by Githook User [ 03/Sep/19 ]

Author:

{'name': 'Adam Cooper', 'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com'}

Message: SERVER-28011 Support multiple KMIP hosts in the --kmipServerName parameter
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/3f36c8438fe410f2bb31d805ff8c8e4ea1421d49

Comment by Chris Smith [ 14/Aug/19 ]

We are currently working with Thales Vormetric DSM which does not support a load balancer as they use an active/active solution for HA.  This feature is something that we would need in order to implement encryption within MongoDB.

Comment by Davi Ottenheimer [ 17/Dec/18 ]

thanks andrey.brindeyev. KMIP scaling was a popular question at SF.local so we pushed the blog post out to point attendees there

Generated at Thu Feb 08 04:16:52 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.