Periodic Renewal Of The Key Management Key (Kmk) - Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 - ADMINISTRATION Administration Manual

4.3.2 Periodic Renewal of the Key Management Key (KMK)

Cryptographic best practices dictate that the KMK be renewed at regular intervals to prevent certain
cryptographic attacks from being practical. This need only take place on a relatively long cycle:
typically on the order of once every year, and should not be done too frequently because the change-
over does involve some effort and bandwidth costs.
To renew the KMK, perform the following steps:
1 Open the Communications Console on the Management Service (Start/Programs/Novell/
Management Service/Endpoint Security Management Communications Console).
NOTE: Running the Communications Console causes the Management Service to lose user
and log data; however, policy data is not deleted.
2 Allow the Communications Console to run a complete check.
3 Have all end users authenticate to the Management Service (either via VPN or while inside the
appropriate firewall), by right-clicking the Endpoint Security Client taskbar icon, then clicking
Check for Policy Update.
4 The Management Console automatically passes the new KMK credentials down. In some
cases, the user must authenticate to the domain (username and password).
Until the endpoints renew their KMK, they will not be able to communicate with the Policy
Distribution Service.
40 ZENworks Endpoint Security Management Administration Guide