Key management servers, such as Group Domain of Interpretation (GDOI) servers, distribute cryptographic policy and encryption keys to one or more group members. The policy and keys are used to implement a security feature, such as security for broadcast or multicast traffic. For example, the policy and keys distributed by GDOI servers can be used to exchange encrypted data using IP Security (IPSec) data encryption.
When the number of group members is large (e.g., in the hundreds or thousands), it is often advantageous to deploy multiple key management servers. Each key management server can serve a subset of the group members. The key management servers can cooperate with each other, such that all key management servers within the same key management system will distribute the same policy and keys.
To provide redundancy within a system that includes multiple key management servers, group members can be configured with contact information for more than one key management server. For example, group members can be configured with an ordered list of key management servers. This ordered list identifies the primary key management server (e.g., the first key management server that a group member should attempt to contact when the group member needs keys), as well as one or more backup key management servers (e.g., servers that the group member should attempt to contact, in order, if the primary key management server is unavailable). Such a technique allows a key server administrator to assign subsets of the group members to different sets of key servers. Different sets of key management servers can also be assigned to different subsets of the group members to provide load balancing among the key management servers.
Currently, the ordered list of key management servers is manually preconfigured on each group member. This presents an additional burden for key server administrators, since an administrator must manually enter the list of key management servers on each group member. Additionally, if key management servers are added or retired, at least some of the lists of key management servers may need to be updated. This again requires an administrator to manually configure information on one or more group members. As this example shows, improved techniques for configuring each group member with a list of key management servers are desirable.
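As an added illustration that is not part of the patent text, the following Python models a group member's ordered key-server list, the primary-then-backup failover it implies, the load distribution obtained by giving member subsets different lists, and the per-member reconfiguration a retired server would require; the member and server names are constructed.

```python
# Added example (not from the patent): a group member walking its manually
# configured, ordered key-server list. Names such as "ks-a" are constructed.
from dataclasses import dataclass


@dataclass
class GroupMember:
    name: str
    key_servers: list  # ordered: index 0 is the primary, the rest are backups


def register(member, reachable):
    """Return (server, attempts): the first key server in the member's ordered
    list that is reachable, plus every server contacted along the way.
    Returns (None, attempts) when no listed server is reachable."""
    attempts = []
    for ks in member.key_servers:
        attempts.append(ks)
        if ks in reachable:
            return ks, attempts
    return None, attempts


def primary_load(members, reachable):
    """Count how many members each server ends up serving. Distinct ordered
    lists per member subset spread load; an outage shifts it to the backups."""
    load = {}
    for m in members:
        ks, _ = register(m, reachable)
        load[ks] = load.get(ks, 0) + 1
    return load


def members_needing_reconfig(members, retired):
    """Every member whose list names a retired server must be updated by hand,
    which is the administrative burden the text describes."""
    return sorted(m.name for m in members if retired & set(m.key_servers))


# Constructed sample: two subsets of members with different ordered lists.
MEMBERS = [
    GroupMember("gm1", ["ks-a", "ks-b", "ks-c"]),
    GroupMember("gm2", ["ks-a", "ks-b", "ks-c"]),
    GroupMember("gm3", ["ks-b", "ks-c", "ks-a"]),
    GroupMember("gm4", ["ks-c", "ks-a", "ks-b"]),
]

if __name__ == "__main__":
    print(primary_load(MEMBERS, {"ks-a", "ks-b", "ks-c"}))
    print(primary_load(MEMBERS, {"ks-b", "ks-c"}))  # ks-a down: gm1, gm2 fail over
    print(members_needing_reconfig(MEMBERS, {"ks-c"}))
```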
While the invention is susceptible to various modifications and alternative forms, specific embodiments of the invention are provided as examples in the drawings and detailed description. It should be understood that the drawings and detailed description are not intended to limit the invention to the particular form disclosed. Instead, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the invention as defined by the appended claims.