Install and configure the Entrust Key Management Vault server

Install the Key Management Vault server

The Entrust Key Management Vault server is a software solution deployed from an OVA or ISO image. Entrust recommends that you read the Entrust Key Management Vault Installation Overview online documentation to fully understand the Key Management Vault server deployment.

To configure a Key Management Vault cluster (active-active configuration is recommended), Entrust recommends the use of the OVA installation method, as described in the Entrust Cryptographic Security Platform Key Management Vault OVA Installation online documentation.

After the Key Management Vault server is deployed, configure the first Key Management Vault node as described in the Entrust Configuring the First Cryptographic Security Platform Key Management Vault Node (OVA Install) online documentation.

Deploy the Cryptographic Security Platform Compliance Manager server to enable Vault License authentication and allow active-active cluster creation, by following the steps detailed in the Entrust Compliance Manager Installation.

Configure the Compliance Manager to establish an initial Appliance Cluster connection with the first Key Management Vault node. Refer to the steps for Creating an Appliance Cluster, and adding a Key Management Vault node, detailed in the Entrust Creating an Appliance Cluster Connection.

After completing this procedure, create a second node by following the previous steps of deploying and configuring a Key Management Vault server, and add the second node to the active-active cluster as described in the Entrust Adding a New Cryptographic Security Platform Key Management Vault Node to an Existing Cluster (OVA Install) online documentation to create the recommended active-active cluster.

After setting up the Cryptographic Security Platform Compliance Manager server and creating an Appliance Cluster, add a license for software authentication to the Compliance Manager as described in the Entrust Adding a License.

Although an active-active cluster is not a requirement, and a single Key Management Vault node can be deployed to perform its functions, Entrust strongly recommends deploying the solution with a minimum of four nodes in an active-active cluster solution.

Your Key Management Vault license determines how many Key Management Vault nodes you can have in a cluster. Key Management Vault requires the deployment of Cryptographic Security Platform Compliance Manager (CSPCM). CSPCM manages licenses for the various Key Management Vault(s) in the organization. For full information about Key Management Vault licensing, see the Entrust documentation at https://docs.hytrust.com/CryptographicSecurityPlatformVault/10.5.1/Online/Content/Books/Admin-Guide/GUI-Reference/License-Page.html

Configure the Key Management Vault Server

After the Entrust Key Management Vault server is deployed and the initial installation is complete, you can configure the network settings, e-mail server preferences and cluster. For these procedures, see the Cryptographic Security Platform Key Management Vault System Configuration in the Administration Guide.