Deploy and configure KeyControl

Deploy a KeyControl cluster

For the purpose of this integration, a two-node cluster was deployed as follows:

  1. Download the KeyControl software from Entrust TrustedCare. This software is available as an OVA or ISO image. This guide deploys an OVA installation.

  2. Install KeyControl as described in KeyControl OVA Installation.

  3. Configure the first KeyControl node as described in Configuring the First KeyControl Node (OVA Install).

  4. Add the second KeyControl node to the cluster as described in Adding a New KeyControl Node to an Existing Cluster (OVA Install).

    Both nodes need access to an NTP server; otherwise, the above operation will fail. Sign in to the console to change the default NTP server if required.
  5. Install the KeyControl license as described in Managing the KeyControl License.

Additional KeyControl cluster configuration

After the KeyControl cluster is deployed, additional system configuration can be done as described in KeyControl System Configuration.

Configure authentication

This guide uses local account authentication.

For AD-managed Security groups, configure the LDAP/AD Authentication Server as described in Specifying an LDAP/AD Authentication Server.

Create DNS record for the KeyControl cluster

This guide uses the individual IP addresses of the KeyControl nodes.

To use hostnames, configure your DNS server to give each node in the KeyControl cluster a unique name.

Create a KMIP Vault in the KeyControl

The KeyControl Vault appliance supports different types of vaults, for example: cloud key management, KMIP, PASM, database, and others. This section describes how to create a KMIP vault for this integration.

Refer to the Creating a Vault section of the admin guide for more details.

  1. Sign in to the KeyControl Vault Server web user interface:

    1. Use your browser to access the IP address of the server.

    2. Sign in using the secroot credentials.

  2. From the user’s dropdown menu, select Vault Management.

  3. In the KeyControl Vault Management interface, select Create Vault.

  4. In the Create Vault page, select KMIP. Then enter your information.

  5. Select Create Vault, then select Close.

    A window with the newly created vault information appears. In addition, an email with the same vault information is sent to the security administrator secroot.

  6. Bookmark the Vault URL listed above.

    The newly created Vault is added to the Vault Management dashboard.

  7. Sign in to the Vault URL with the temporary password. Change the initial password when prompted. Sign in again to verify.

  8. Notice the new vault.


View the KMIP Vault details

  1. Hover over the Vault and select View Details.

  2. Select Close when done.