Skip to main content

Vcenter server encryption configuration using HyTrust KMS key Provider

 Steps:

1.Download HYTRust Keyprovider OVA from:

https://www.entrust.com/digital-security/key-management/keycontrol

They give 60 day trail free deployment.

2.Deploy the KMS server.

3.Once Installation completes. Login to Entrust server using IP and login with user/password you provided while install.

4.Go to "KMIP" ->Basic ,mark state=Enabled ,vesion=1.1






5.From KMIP ->client certificates->Actions ->Create client certificate (Don't give any passwords)
6.Select the created certificate and download ZIP file and extract.

7.Go to Vcenter server-> Configure ->Security->Key providers
     Add Standard key Provider
     provide KMS name (certificate name)
      IP of the Entrust server
      Port:5696
8.Select the KMS server and select the keys and "Establish Trust"
    Select the zip folder and choose <KMS>.PEM that we created
    use the same file for certificate and key upload path.


Now choose existing VM->Power off -> VM Policies ->Select "Encryption policy"
it takes nearly 10 minutes to configure the VM .

Now you can check VM Summary have :
     VM hardware have "Encryption details" and Hard disk(encrypted)








Comments

Post a Comment

Popular posts from this blog

Deploy OVF fails Issues detected with selected template. Details: VALUE_ILLEGAL: No supported hardware versions among [virtualbox-2.2]; supported: [vmx-04, vmx-07, vmx-08, vmx-09, vmx-10, vmx-11, vmx-12, vmx-13, vmx-14, vmx-15, vmx-16, vmx-17, vmx-18, vmx-19].

 Error: While deploy using OVF file ,getting error as : Issues detected with selected template. Details: - -1:-1:VALUE_ILLEGAL: No supported hardware versions among [virtualbox-2.2]; supported: [vmx-04, vmx-07, vmx-08, vmx-09, vmx-10, vmx-11, vmx-12, vmx-13, vmx-14, vmx-15, vmx-16, vmx-17, vmx-18, vmx-19]. Solution: Open .OVF file and edit       <Info>Virtual hardware requirements for a virtual machine</Info>       <System>         <vssd:ElementName>Virtual Hardware Family</vssd:ElementName>         <vssd:InstanceID>0</vssd:InstanceID>         <vssd:VirtualSystemIdentifier>zabbix_appliance-6.2.7</vssd:VirtualSystemIdentifier>         <vssd:VirtualSystemType> virtualbox-2.2 </vssd:VirtualSystemType>       </System> to  vmx-19       <Info>Virtual hardware requireme...
Post a Comment
Read more

Change ESXi acceptane level of VIBs to community Supported

-When you install VIB bundles you may see issue like:               'Could not find a trusted signer: self signed certificate  For resolving this issue, we have to convert the ESXi to community supported acceptance level. -To do that: if  ESXI is a VM :      Edit settings ->boot option ->disable secure boot. if Physical ESXi:      Edit  UEFI Now ssh to ESXi: - Move the ESX machine to community-support esxcli software acceptance set --level=CommunitySupported - Install the bundle with no-sign-check esxcli software vib install -d  VMware_bootbank_vmware-fdm_7.0.1-16478307.vib --no-sig-check -  Set back PartnerSupported esxcli software acceptance set --level=PartnerSupported
Post a Comment
Read more