Pre-Shared Authentication Keys for Software Event Brokers

Pre-shared authentication keys are used to authenticate connections between redundancy group members and must be the same for all members. By default, no key is set on an event broker.

Generating Pre-Shared Keys

Pre-shared authentication keys are 32 to 256 bytes of binary data encoded in Base64. To ensure maximum security, Solace recommends that each key be randomly generated and as long as possible.
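One way to produce such a key and check a candidate before it is pasted into the CLI, as an added example that is not Solace's own tooling. The function names are hypothetical, and the example assumes standard padded Base64, which is what the 44 to 344 character limits given under Configuring Pre-Shared Keys imply:

```python
import base64
import binascii
import secrets

MIN_BYTES, MAX_BYTES = 32, 256   # binary key size limits stated on this page
MIN_CHARS, MAX_CHARS = 44, 344   # Base64 length limits stated on this page


def generate_psk(nbytes: int = MAX_BYTES) -> str:
    """Return a Base64 key built from nbytes of OS CSPRNG output.

    Defaults to the maximum length, following the recommendation that
    keys be random and as long as possible.
    """
    if not MIN_BYTES <= nbytes <= MAX_BYTES:
        raise ValueError(f"key must be {MIN_BYTES} to {MAX_BYTES} bytes")
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def validate_psk(key: str) -> int:
    """Check a candidate key and return its decoded length in bytes.

    Raises ValueError for keys that would not meet the stated limits.
    """
    if any(ch.isspace() for ch in key):
        # Some tools wrap Base64 output across lines; a wrapped key
        # must be joined into one line before it is used.
        raise ValueError("key contains whitespace or line breaks")
    if not MIN_CHARS <= len(key) <= MAX_CHARS:
        raise ValueError(f"key must be {MIN_CHARS} to {MAX_CHARS} characters")
    try:
        raw = base64.b64decode(key, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc
    # A 44-character string ending in "==" decodes to only 31 bytes,
    # so the decoded size is checked as well as the character count.
    if not MIN_BYTES <= len(raw) <= MAX_BYTES:
        raise ValueError(f"key decodes to {len(raw)} bytes")
    return len(raw)


if __name__ == "__main__":
    psk = generate_psk()
    print(f"generated key of {validate_psk(psk)} bytes:")
    print(psk)
```

Generate the key once and set the same value on every member of the redundancy group.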

Configuring Pre-Shared Keys

To set the pre-shared authentication key for an event broker in a redundant deployment, enter the following commands:

solace(configure)# redundancy
solace(configure/redundancy)# authentication
solace(configure/redundancy/authentication)# pre-shared-key key <pre-shared-key>

Where:

<pre-shared-key> is 44 to 344 characters (which translates into 32 to 256 bytes of binary data encoded in Base64). The no version of this command returns the value to the default.

Changing Pre-Shared Keys

You do not need to shut down redundancy group members to change a pre-shared key. Either the primary or the backup node can be active while the other node is in standby mode.

To migrate from a group password to a pre-shared key, you must first add the desired pre-shared key and then remove the group password. For more information, refer to Pre-Shared Authentication Keys for Software Event Brokers.

To make the change, perform the following three steps.

  1. Change the key on the monitoring node.
    solace3(configure)# redundancy
    solace3(configure/redundancy)# authentication
    solace3(configure/redundancy/authentication)# pre-shared-key key <new-pre-shared-key>
  2. Change the key on the active node.
    solace1(configure)# redundancy
    solace1(configure/redundancy)# authentication
    solace1(configure/redundancy/authentication)# pre-shared-key key <new-pre-shared-key>
  3. Change the key on the standby node.
    solace2(configure)# redundancy
    solace2(configure/redundancy)# authentication
    solace2(configure/redundancy/authentication)# pre-shared-key key <new-pre-shared-key>