vCenter Server encryption configuration using the HyTrust KMS key provider

Steps:

1. Download the HyTrust key provider OVA from:

https://www.entrust.com/digital-security/key-management/keycontrol

They offer a free 60-day trial deployment.

2. Deploy the KMS server.

3. Once the installation completes, log in to the Entrust server using its IP address and the user/password you provided during installation.

4. Go to "KMIP" -> Basic, set State=Enabled and Version=1.1

5. From KMIP -> Client Certificates -> Actions -> Create Client Certificate (don't set any password)

6. Select the created certificate, download the ZIP file, and extract it.

7. Go to vCenter Server -> Configure -> Security -> Key Providers
     Add Standard Key Provider
     Provide the KMS name (the certificate name)
     IP of the Entrust server
     Port: 5696

8. Select the KMS server, select the keys, and choose "Establish Trust"
     From the extracted ZIP folder, choose the <KMS>.PEM file that we created
     Use the same file for both the certificate and the key upload path.


Now choose an existing VM -> Power off -> VM Policies -> select "Encryption policy".
It takes nearly 10 minutes to configure the VM.

Now you can check that the VM Summary shows:
     VM Hardware has "Encryption details" and the hard disk is marked (encrypted)
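
A pre-upload check for step 8, as an added example that is not part of the original post: it confirms that the extracted PEM holds a certificate plus exactly one private key with no passphrase, which is assumed from the steps above (no password set, same file used for certificate and key). The function names and sample blocks are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, optional headers plus base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def inspect_kmip_bundle(pem_text):
    """Count the PEM blocks in a client bundle; never prints key material."""
    report = {"certificates": 0, "private_keys": 0,
              "encrypted_keys": 0, "malformed": 0}
    for label, body in PEM_BLOCK.findall(pem_text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy OpenSSL encrypted keys carry "Proc-Type: 4,ENCRYPTED" headers.
        headers = [ln for ln in lines if ":" in ln]
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except ValueError:
            report["malformed"] += 1
            continue
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            report["private_keys"] += 1
            if label.startswith("ENCRYPTED") or any("ENCRYPTED" in h for h in headers):
                report["encrypted_keys"] += 1
    # Assumption from step 8: one file supplies both certificate and key,
    # and the key has no passphrase.
    report["ready_for_upload"] = (
        report["certificates"] >= 1 and report["private_keys"] == 1
        and report["encrypted_keys"] == 0 and report["malformed"] == 0)
    return report

def _block(label, data, headers=""):
    """Build a constructed PEM block (placeholder bytes, not a real credential)."""
    body = base64.b64encode(data).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

# Constructed samples: a usable bundle and one with a passphrase-protected key.
SAMPLE_OK = _block("CERTIFICATE", b"constructed cert") + _block("PRIVATE KEY", b"constructed key")
SAMPLE_ENCRYPTED = _block("CERTIFICATE", b"constructed cert") + _block(
    "RSA PRIVATE KEY", b"constructed key", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("encrypted", SAMPLE_ENCRYPTED)):
        print(name, inspect_kmip_bundle(sample))
```

To check a real bundle, pass the text of the extracted <KMS>.PEM file to inspect_kmip_bundle; because the file contains an unencrypted private key, keep it readable only by the administrator and delete the extracted copy once trust is established.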