Hytrust KeyControl – Key Management Server Setup

HyTrust KeyControl enables encryption users to easily manage their encryption keys at scale. HyTrust is the only KMS vendor that VMware invested in. It is available as an OVA, for fast installation and configuration in VMware vCenter. In this post i show you how to easily install and configure this KMS service in a vSphere enviroment.

Step 1 – Deploying the OVA Package

Browse to the location where the OVA file located.

Type the name for the new VM.

Select where to run the new VM.

Review the hardware requirement.

Accept the license agreement

Select the VM configuration. In my case because is a lab setup the demo configuration is selected.

Note: Not recommended for production environment.

Select the Storage and Network where the new VM will be running.

Specify the VM Netwok parameters.

Step 2 – Configuring the newly deployed KMS appliance.

Power on the newly deployed VM server. It will ask you to specify a password for the htadmin account. Enter a new password for htadmin and press OK.

Wait for the configuration process to complete

Go to the KMS management console by acceding https://<kms-ip-address> then provide the default credentials.

Complete the configuration wizard by selecting the instance type and specify a new password.

Optional – Configure Email notification.

Download and save the Admin Key to a secure location.

Note: This key is primarily used for recovery purpose

Step 3 – Enable the KMIP Service

The Key Management Interoperability Protocol (KMIP) enables communication between key management systems and cryptographically-enabled applications, including email, databases, and storage devices. Select KMIP in the top banner bar. Go to State and put it on Enabled. Then open Protocol and select Version 1.1 from the drop-down list. As a final step go to Restrict TLS and select Enabled to make sure traffic is on the TLS 1.2 protocol. Click the Apply button now to apply the new settings.

Summary

We have now added and configure the KMS server which gives us some extra security possibilities for our infrastructure or cryptographically-enabled applications.

Leave a Comment

Your email address will not be published. Required fields are marked *