Introduction

Entrust KeyControl has been rebranded as the Entrust Cryptographic Security Platform (CSP) Key Manager.

The Entrust CSP Key Manager continues to provide a comprehensive solution for discovering and managing the lifecycles of cryptographic keys, secrets, certificates, tokens, libraries, protocols, and configurations:

  • The KeyControl Compliance Manager is now the Entrust CSP Compliance Manager. It still integrates with Entrust nShield Hardware Security Modules (HSMs) to protect the master keys for the CSP.

  • KeyControl Vault is now the Entrust Cryptographic Security Platform Vault. The Cryptographic Security Platform Vaults also still integrate with Entrust nShield HSMs to provide an optional HSM root of trust.

Because the Entrust integrations are tested against specific product versions, this guide is still branded as a "KeyControl" integration. It was tested against a pre-CSP version of KeyControl.

Exercise caution when using an Entrust Integration Guide with a product version that does not match the tested version, because your version might not function in exactly the same way.

Entrust cannot guarantee the success of integrations in configurations other than those indicated in the guide. This guide remains on the website for customers using pre-CSP versions of KeyControl.

This document describes the integration of Nutanix AHV cluster with the Entrust KeyControl Key Management Solution (KMS). Entrust KeyControl serves as a KMS in Nutanix AHV cluster using the open standard Key Management Interoperability Protocol (KMIP).

Product configurations

The following versions have been tested for compatibility:

Product Version

Nutanix AOS

v6.10 and v7.0

Entrust KeyControl

v10.4.3

Supported features

The following Entrust KeyControl features have been tested in this integration.

Entrust KeyControl Feature Support

Deployment in Nutanix AHV from ISO

Yes

Cluster Mode

Yes

Cluster Expansion

Yes

Node Removal

Yes

Retain Configuration After Total Cluster Power-Down

Yes

Support for the following Nutanix features have been tested in this integration.

Supported Nutanix Feature Support

Data-at-Rest Encryption

Yes

Cluster Expansion

Yes

Node Removal

Yes

Re-Keying

Yes

Requirements

To integrate the Entrust KeyControl and the Nutanix AHV cluster you require:

Familiarize yourself with: