Enable SNMP on the Thales KMS
You can define the SNMP community string with which to query the Thales KMS.
About the SNMP Access Control List
If the SNMP Access Control List (ACL) is empty, SNMP requests from any IP address are acknowledged. If the SNMP ACL is defined to allow only certain IP addresses (for example, 10.1.2.3) or IP address blocks (for example, 10.1.2.*), the Thales KMS only acknowledges requests from IP addresses specified in the SNMP ACL.
The community string and IP address are the only credentials used to verify the legitimacy of the SNMP request. The community string is typically set to a factory default value of “public.” This string must be the same for all devices in the same group for SNMP monitoring to function. For security reasons, the Network Administrator should change the community string from “public” to a custom value.
SNMP in a high-availability environment
The failover Thales KMS in a high-availability cluster shares the same SNMP configuration as the primary Thales KMS. When you enable SNMP listening on the primary Thales KMS, SNMP listening is also enabled on the failover Thales KMS.
The community string that you enter is applied to the primary Thales KMS and the failover Thales KMS in the high-availability cluster. This means that an SNMP server that is allowed to query the primary Thales KMS can also query the failover Thales KMS in the high-availability cluster.
Ports
GET requests can be sent to port 161 or port 7025.
Procedure
- Log on to the Thales KMS web application with a user type of System Administrator.
  Do not enter a domain.
- Go to System, select SNMP.
- On the Configuration tab, select SNMP Enabled to make the Thales KMS listen for SNMP queries.
- In the SNMP Community String field, enter the community string or password the SNMP servers will use to query the Thales KMS.
- Select Apply.
Once SNMP is enabled, the Thales KMS responds to requests from any SNMP server unless a preferred SNMP server is specified in the Access Control List. Once the IP address of an SNMP server is specified in the Access Control List, the Thales KMS only responds to that SNMP server.
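
The following added example (not Thales code or product output) models the acceptance rules described here and in "About the SNMP Access Control List", so that planned settings can be reviewed before they are applied. The function names, the sample settings, and the assumption that "*" matches one whole octet in any position are illustrative and are not taken from the product.

```python
import ipaddress

DEFAULT_COMMUNITY = "public"  # factory default named on the page

def parse_entry(entry):
    """Split an ACL entry such as '10.1.2.3' or '10.1.2.*' into four octets."""
    octets = entry.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad ACL entry: {entry!r}")
    parsed = []
    for o in octets:
        if o == "*":
            parsed.append(None)          # None marks a wildcard octet (assumed syntax)
        elif o.isdigit() and int(o) <= 255:
            parsed.append(int(o))
        else:
            raise ValueError(f"bad octet {o!r} in ACL entry {entry!r}")
    return parsed

def acknowledged(acl, configured_community, source_ip, community):
    """Model of the two checks the page describes: community string, then ACL."""
    if community != configured_community:
        return False
    if not acl:                           # empty ACL: any source IP is accepted
        return True
    src = list(ipaddress.IPv4Address(source_ip).packed)
    return any(all(e is None or e == s for e, s in zip(parse_entry(entry), src))
               for entry in acl)

def audit(acl, configured_community):
    """Return findings for the weak settings the page warns about."""
    findings = []
    if configured_community == DEFAULT_COMMUNITY:
        findings.append("community string is still the default 'public'")
    if not acl:
        findings.append("ACL is empty: requests from any IP address are acknowledged")
    for entry in acl:
        wildcards = parse_entry(entry).count(None)
        if wildcards > 1:
            findings.append(f"ACL entry {entry} admits {256 ** wildcards} addresses")
    return findings

# Constructed sample settings, not taken from a real deployment.
WEAK = {"acl": [], "community": "public"}
HARDENED = {"acl": ["10.1.2.3", "10.1.2.*"], "community": "kms-mon-EXAMPLE"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg["acl"], cfg["community"]))
```

Because the primary and failover Thales KMS share one SNMP configuration, any finding applies to both nodes of a high-availability cluster.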