Configuring the First Cryptographic Security Platform Vault Node (OVA Install)

This procedure explains how to use this console to configure this system as the first Cryptographic Security Platform Vault node in the system. If you want to join this node with an existing Cryptographic Security Platform Vault node, see Adding a New Cryptographic Security Platform Vault Node to an Existing Cluster (OVA Install).

1. Log into the system on which you installed the Cryptographic Security Platform Vault software. The Cryptographic Security Platform Vault installer will automatically start running as soon as the VM is powered on.

2. Enter a password for the Cryptographic Security Platform Vault system administration account htadmin and press Enter. Password requirements are configured by a Cryptographic Security Platform Vault administrator in the System Settings.

   This password controls access to the Entrust Cryptographic Security Platform Vault System Console that allows users to perform some Cryptographic Security Platform Vault administration tasks. It does not permit a Cryptographic Security Platform Vault user to access the full OS.

   Important: Make sure you keep this password in a secure place. If you lose the password, you will need to contact Entrust Support. For security reasons, Cryptographic Security Platform Vault does not provide a user-accessible password recovery mechanism.

The installer configures Cryptographic Security Platform Vault and then starts the appropriate services. This process will take a few minutes to complete. When the installer has finished, Cryptographic Security Platform Vault displays a confirmation dialog stating that the setup was completed successfully.

3. Review the confirmation dialog that provides the URL of the Cryptographic Security Platform Vault webGUI (also known as the Management IP Address). You will need this URL in the next step.

   When you are done, press Enter to finish the installation. Cryptographic Security Platform Vault displays the login prompt.

4. To initialize the Cryptographic Security Platform Vault webGUI and finish the configuration of the first node, do the following:

   1. Use a web browser to navigate to https://node-ip-address, where node-ip-address is the Management IP address. For security reasons, you must explicitly specify https:// in the URL.

   2. If prompted, add a security exception for the Cryptographic Security Platform Vault IP address and proceed to the Cryptographic Security Platform Vault Management webGUI.

      Cryptographic Security Platform Vault uses its own Root Certificate Authority to create its security certificate, which means that certificate will not be recognized by the browser. For details, see Cryptographic Security Platform Vault Certificates.

   3. On the Entrust Cryptographic Security Platform Vault Management login page, enter secroot for both the username and password.
   4. Review the EULA (end user license agreement). When you are done, click I Agree to accept the license terms.
   5. On the Welcome to Cryptographic Security Platform Vault screen, click Continue as a Standalone Node.

   6. On the Change Password page, enter a new password for the secroot account and click Update Password.

   7. On the Configure E-Mail and Mail Server Settings page, specify your email settings.

      If you specify an email address, Cryptographic Security Platform Vault sends an email with the Admin Key for the new node. It also sends system alerts to this email address.

      To disable alerts, select the Disable e-mail notifications checkbox. You are then prompted to download the Admin Key.

   8. When you are done, click Continue.

   9. On the Download Admin Key page, click the Download button to save the admin key locally. Please keep the admin key in a safe place for later use. When Cryptographic Security Platform Vault prompts for an admin key to recover your Cryptographic Security Platform Vault system, you must provide this admin key to proceed. If you do not have your admin key, you may lose your data.

      Note: Whenever the admin key is regenerated, Cryptographic Security Platform Vault forces you to download the admin key.

   10. When you are finished, click Continue.

       Cryptographic Security Platform Vault displays the Cryptographic Security Platform Vault Management webGUI. For details about the tasks you can perform from the webGUI, see the Administration Guide.

What to Do Next 

• To add additional Cryptographic Security Platform Vault nodes to form a cluster, see Cryptographic Security Platform Vault OVA Installation followed by Adding a New Cryptographic Security Platform Vault Node to an Existing Cluster (OVA Install).
• To create a dedicated webGUI account with Cloud Admin privileges that you can use to install the Entrust Policy Agent, see Creating a Cloud Admin User Account.
• To create at least one Cloud VM Set into which you can put the VMs you plan to encrypt, see Creating a Cloud VM Set for the Cryptographic Security Platform Vault for VM Encryption.