Deploy and configure KeyControl

Deploy a KeyControl cluster

For the purpose of this integration, a two-node cluster was deployed as follows:

  1. Download the KeyControl software from Entrust TrustedCare. This software is available as an OVA or ISO image. This guide deploys an OVA installation.

  2. Install KeyControl as described in KeyControl OVA Installation.

  3. Configure the first KeyControl node as described in Configuring the First KeyControl Node (OVA Install).

  4. Add second KeyControl node to cluster as described in Adding a New KeyControl Node to an Existing Cluster (OVA Install).

    Both nodes need access to an NTP server, otherwise the above operation will fail. Sign in to the console to change the default NTP server if required.
    keycontrol cluster
  5. Install the KeyControl license as described in Upgrading Your Trial License.

Additional KeyControl cluster configuration

After the KeyControl cluster is deployed, additional system configuration can be done as described in KeyControl System Configuration.

Configure authentication

This guide uses local account authentication.

For AD-managed Security groups, configure the LDAP/AD Authentication Server as described in Specifying an LDAP/AD Authentication Server.

Create DNS record for the KeyControl cluster

This guide uses the individual IP addresses of the KeyControl nodes.

To use hostnames, configure your DNS server giving each node in the KeyControl a unique name.

Create a Cloud Keys Vault in the KeyControl

The KeyControl Vault appliance supports different type of vaults. For example: cloud key management, KMIP, PASM, database, and others. This section describes how to create a Cloud Keys vault for this integration.

Refer to the Creating a Vault section of the admin guide for more details.

  1. Sign in to the KeyControl Vault Server web user interface:

    1. Use your browser to access the IP address of the server.

    2. Sign in using the secroot credentials.

  2. From the user’s dropdown menu, select Vault Management.

    vault usersmenu
  3. In the KeyControl Vault Management interface, select the Create Vault icon.

  4. In the Create Vault page, select Cloud Keys. Then enter your information.

    For example:

    kc create cloud keys vault aws byok
  5. Select Create Vault, then select Close.

    A window with the newly created vault information appears. In addition, an email with the same vault information is sent to the security administrator secroot.

    Example vault information window:

    vault created successfully aws byok

    Example email:

    login email
  6. Bookmark the Vault URL listed above.

    The newly created Vault is added to the Vault Management dashboard.

    For example:

    vault management dashboard aws byok
  7. Sign in to the Vault URL with the temporary password. Change the initial password when prompted. Sign in again to verify.

    For example:

    vault login
  8. Notice the new vault.

    For example:

    vault new aws byok

View the Cloud Keys Vault details

  1. Back in the Vault Management dashboard, hover over the Vault and select View Details.

    For example:

    vault details aws byok
  2. Select Close when done.