Configuring the First Cryptographic Security Platform Compliance Manager Node

Follow this procedure if you are configuring the first Cryptographic Security Platform Compliance Manager node in the cluster. If you are adding the node to an existing cluster, see Configuring Additional Cryptographic Security Platform Compliance Manager Nodes.

Before You Begin 

Make sure you have the following information:

  • The private SSH key file that was used when the instance was created.

    Important: The private part of the SSH key file cannot be reset or recovered once the VM is configured, even if you use the Azure "Reset Password" method. Please ensure that you keep it in a safe place.

  • The Public IP address associated with the instance.

    To find the Public IP address, select All resources from the Azure Resource Manager dashboard, then click on the virtual machine name on which the Cryptographic Security Platform Compliance Manager node is running. The public IP address is displayed in the VM details section at the top of the page.

Important: Azure might disconnect SSH sessions that are idle for more than 5 minutes. To prevent this, use the ServerAliveInterval and ServerAliveCountMax options on the ssh client command line to keep the session active.

We recommend using ssh CLI options to send a keepalive packet at an interval of less than 5 minutes. Refer to the ssh_config man page for how to use the ServerAliveInterval and ServerAliveCountMax options. For example:

ssh -o ServerAliveInterval=180 -o ServerAliveCountMax=10 user@host
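
To confirm that the options your ssh client will actually use stay under the 5-minute idle limit, you can check the effective configuration printed by `ssh -G`. The following is an added example, not part of the original procedure; the function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Azure idle cutoff described above: 5 minutes, in seconds.
AZURE_IDLE_LIMIT=300

# check_keepalive: read `ssh -G <host>` output on stdin and judge the
# effective keepalive settings. Returns 0 if a probe is sent before the
# idle limit is reached, 1 otherwise.
check_keepalive() {
    awk -v limit="$AZURE_IDLE_LIMIT" '
        $1 == "serveraliveinterval" { interval = $2 + 0; seen = 1 }
        $1 == "serveralivecountmax" { count = $2 + 0 }
        END {
            if (!seen || interval == 0) {
                print "FAIL: keepalive disabled (ServerAliveInterval=0)"
                exit 1
            }
            if (interval >= limit) {
                printf "FAIL: interval %ds is not below the %ds idle limit\n", interval, limit
                exit 1
            }
            # ssh gives up on a silent server after interval * count seconds.
            printf "OK: probe every %ds; unresponsive peer dropped after %ds\n", interval, interval * count
        }'
}

# Real use (prints the resolved client options without connecting):
#   ssh -G -o ServerAliveInterval=180 -o ServerAliveCountMax=10 user@host | check_keepalive

# Constructed sample of `ssh -G` output matching the command above.
printf 'hostname host\nserveraliveinterval 180\nserveralivecountmax 10\n' | check_keepalive
```

Because `ssh -G` also resolves settings from your ssh_config files, the same check catches a Host entry that overrides the interval with a larger value or leaves it at the default of 0.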

Procedure 

  1. To initialize Cryptographic Security Platform Compliance Manager for this cluster, do the following:

    1. Use a web browser to navigate to https://<Public-IP-addy>, where <Public-IP-addy> is the Public IP address Azure assigned to the Cryptographic Security Platform Compliance Manager VM. For security reasons, you must explicitly specify https:// in the URL.
    2. If prompted, add a security exception for the Cryptographic Security Platform Compliance Manager IP address and proceed to the Cryptographic Security Platform Compliance Manager webGUI.

      Cryptographic Security Platform Vault uses its own Root Certificate Authority to create its security certificate, which means that certificate will not be recognized by the browser. For details, see Cryptographic Security Platform Compliance Manager Certificates.

    3. On the Entrust Cryptographic Security Platform Compliance Manager login page, enter secroot for the username and enter the VM unique ID (vmId) for the password.
    4. Review the EULA (end user license agreement). When you are done, click I Agree to accept the license terms.
    5. On the Welcome to Cryptographic Security Platform Compliance Manager screen, click Continue as a Standalone Node.
    6. On the Change Password page, enter a new password for the secroot account and click Update Password.

    7. On the Configure E-Mail and Mail Server Settings page, specify your email settings.

      If you specify an email address, Cryptographic Security Platform Compliance Manager sends an email with the Admin Key for the new node. It also sends system alerts to this email address.

      To disable alerts, select the Disable e-mail notifications checkbox. You are then prompted to download the Admin Key.

    8. When you are done, click Continue.

    9. On the Download Admin Key page, click the Download button to save the admin key locally. Please keep the admin key in a safe place for later use. When Cryptographic Security Platform Compliance Manager prompts for an admin key to recover your Cryptographic Security Platform Compliance Manager system, you must provide this admin key to proceed. If you do not have your admin key, you may lose your data.

      Note: Whenever the admin key is regenerated, Cryptographic Security Platform Compliance Manager forces you to download the admin key.

    10. When you are finished, click Continue.

      Cryptographic Security Platform Vault displays the Cryptographic Security Platform Compliance Manager webGUI. For details about the tasks you can perform from the Cryptographic Security Platform Compliance Manager webGUI, see the Entrust Cryptographic Security Platform Compliance Manager Administration Guide.

Important: The secroot password and the htadmin password are the same for the first login, and are by default set to the vmId. You can either change it, or leave it as is. If you change the htadmin password in the Cryptographic Security Platform Compliance Manager System Console, it only changes the password for this particular node, and does not affect the secroot password.

If you do not know the vmId, you can find it using one of the following methods:

  • Access the CLI by clicking the Cloud Shell icon in the Azure GUI, then type the following command:

    Azure:~$ az vm show -g <resource-group> -n <name> --query vmId

    Make sure that v, m, and d are lower-case and that I is the upper-case i in vmId.

  • Open the JSON View link from the VM's Essentials information screen and locate the vmId.
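
With the default JSON output format, the `az` command above prints the vmId wrapped in double quotes, which are not part of the password. The following added example (not part of the original procedure; the function name and sample value are constructed) strips the quoting and checks that the result has the GUID shape of a vmId before you use it at the login page.

```shell
#!/bin/sh
# normalize_vmid: take the raw output of
#   az vm show -g <resource-group> -n <name> --query vmId
# remove JSON quotes and stray whitespace, and verify the GUID shape.
# Prints the bare vmId and returns 0, or returns 1 if the value is not a GUID.
normalize_vmid() {
    raw=$(printf '%s' "$1" | tr -d '"\r\n ')
    if printf '%s\n' "$raw" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'; then
        # Case is left untouched: the password is the vmId exactly as Azure reports it.
        printf '%s\n' "$raw"
    else
        echo "value is not vmId-shaped; check the --query spelling (vmId)" >&2
        return 1
    fi
}

# Real use from Cloud Shell:
#   normalize_vmid "$(az vm show -g <resource-group> -n <name> --query vmId)"
# Adding "-o tsv" to the az command prints the value without quotes directly.

# Constructed sample of the quoted output; not a real vmId.
SAMPLE_AZ_OUTPUT='"0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0"'
normalize_vmid "$SAMPLE_AZ_OUTPUT"
```

An empty result from a misspelled query such as `vmid` fails the shape check instead of being mistaken for the password.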

What to Do Next 

If you want to add another Entrust Cryptographic Security Platform Compliance Manager node to this cluster, create another Azure resource as described in Deploying a Cryptographic Security Platform Compliance Manager Node in Azure and then configure it as described in Configuring Additional Cryptographic Security Platform Compliance Manager Nodes.

If you want to configure your Entrust Cryptographic Security Platform Compliance Manager cluster, see the Entrust Cryptographic Security Platform Compliance Manager Administration Guide.