Migrating a Key Trustee KMS Server Role Instance to a New Host

In some cases – for example, after your upgrading your servers – it is desirable to migrate a Key Trustee KMS Server role instance to a new host. This procedure describes how to move a Key Trustee KMS proxy service role instance from an existing cluster host to another cluster host.

The security and performance requirements for the KMS proxy are based on providing a dedicated system to the role, and not shared with CDP or other services. The KMS proxy represents a service that must be:
  • secure
  • isolated from non-administrator access
  • maintained as a system with a higher level of isolation and security requirements compared to other cluster nodes