Enabling a Good Known Host

Enabling a Good Known Host indicates that you know and trust the host, and allows CloudControl to use this host when allocating and testing other hosts with the same BIOS and hypervisor versions for trust.

Before You Begin 

Ensure that TAS has been configured. See Configuring TAS.

Procedure 

  1. Select Compliance > Hosts.

  2. On the Hosts page, select the host that you want to modify and click Edit.

  3. On the Edit Host page, click the Trust Attestation tab.

    Note: The Trust Attestation tab appears only after the TAS server has been setup and configured.

  4. Check the Good Known Host (BIOS and VMM) checkbox.

    Important: Do not enable more than one Good Known Host with the same BIOS and hypervisor versions.

  5. Optionally click the Trusted button for the View Host Trust Attestation Report.

    A dump file of the Trust report opens in a separate page.

  6. Click OK to confirm your selection.

  7. Click OK.

    The Good Known Host icon () displays next to the host name. You can mouse-over the icon to see the host BIOS and hypervisor versions.

Once a Good Known Host is enabled, all other hosts under the same vCenter with the same BIOS and hypervisor versions are automatically marked as trusted. A good known host must be enabled for each different BIOS and hypervisor version of your hosts.

Important: If you apply ESXi patches, or otherwise change the signature of the Good Known Host, you may have to reboot the host two or more times before all changes to the OS are finalized. In this situation, the trust values need to be taken and trust reestablished after all reboots have finished. For more information, please contact support@hytrust.com.

 

HyTrust CloudControl v 5.5

Copyright © 2019 HyTrust, Inc. All Rights Reserved.

Follow us: