Introduction
This guide describes the integration of the Entrust KeyControl KMIP Vault Key Management Solution (KMS) with Veeam Backup & Replication. Entrust KeyControl KMIP Vault can serve as a Key Management Server in Veeam Backup & Replication using the Key Management Interoperability Protocol (KMIP) open standard.
Documents to read first
This guide describes how to configure the Entrust KeyControl KMIP Vault as a Key Management Server in Veeam Backup & Replication.
To install and configure the Entrust KeyControl KMIP Vault as a KMIP server, see the following documents:
- Entrust KeyControl Vault nShield HSM Integration Guide. You can access it from the Entrust Document Library and from the nShield Product Documentation website.
Product configuration
| Product | Version |
|---|---|
| Windows | Windows 2022 |
| Veeam Data Backup & Replication | 12.1.0.2131 |
| Entrust KeyControl | 10.2 |
Supported features
The following Entrust KeyControl features have been tested in this integration.
| Entrust KeyControl Feature | Support |
|---|---|
| Deployment in Nutanix AHV from ISO | Yes |
| Cluster Mode | Yes |
| Cluster Expansion | Yes |
| Node Removal | Yes |
| Retain Configuration After Total Cluster Power-Down | Yes |
The following Veeam Backup & Replication features have been tested in this integration.
| Veeam Backup & Replication Feature | Support |
|---|---|
| Data-at-Rest Encryption | Yes |
| Re-Keying | Yes |
Requirements
Veeam Backup & Replication requires the following certificates:
- A certificate issued by a certificate authority to authenticate the KeyControl KMIP server.
- A client certificate created by KeyControl.
A local certificate authority (CA) is required, with both Veeam Backup & Replication and KeyControl in the domain. The local CA does not have to be a subordinate of a trusted CA.