

ID vault servers
An ID vault server is a server with a vault replica. The first vault server is created when the vault is created using the ID Vaults -> Create tool. Vault administrators create additional vault servers using the ID Vaults -> Manage tool in the Domino® Administrator.

Vault administrators should always use the ID Vaults -> Manage tool to add or remove vault servers because the tool manages vault server information in the vault configuration document in the Domino Directory and in the vault database. Do not use Notes® menu commands or the database replication tool in the Domino Administrator to add or remove vault replicas.

Environments with many users are likely to see performance benefits from using multiple vault servers, and any environment can benefit from the failover that multiple vault servers can provide. It is important that replication occurs regularly among vault servers, either through clustered or scheduled replication. Replication conflicts are managed automatically and are not a concern.

When there are multiple vault servers, one is designated as the vault primary server. This server carries out some vault operations related to name changes and key rollover to avoid replication conflicts. It is also the server from which the last vault replica is deleted if you delete the entire vault configuration. The primary server is shown with a checkmark in the ID Vaults -> Manage tool. It is also the first server listed when you issue the show idvaults command.

Related concepts
Planning an ID vault deployment

Related tasks
Adding or removing ID vault servers