Adding a KMS Cluster in vSphere

  1. Launch the vSphere Web Client and log in to the vCenter server that you want to add to Entrust Cryptographic Security Platform Vault.
  2. Select the vCenter Server in the Global Inventory Lists.
  3. Click Configure.
  4. Select Key Management Servers.
  5. Click Add KMS and set the following configuration options:

    Option: Description

    KMS cluster: Select <Create new cluster>.

    Cluster name and Server alias: Enter a name and alias for the cluster. These names are local to vSphere and are not used by Cryptographic Security Platform Vault.

    Server address: The IP address for the Entrust KMIP server. This IP address must match the Cryptographic Security Platform Vault KMIP server Host Name shown in the Cryptographic Security Platform Vault webGUI.

    Important: Make sure that the KMIP server resides on a device that is not encrypted. The KMIP server must be available to provide the keys for the encrypted devices before the encrypted devices can be accessed.

    Server port: The port number for the Entrust KMIP server. The KMIP standard port is 5696.

    Proxy address and Proxy port: Enter this information if required by your network administrator.

    User name and Password: Optional: The user name or password for the KMS cluster.

  6. Click OK.
  7. When prompted, click Yes to make this the default KMS cluster.
  8. In the Trust Certificate dialog box, click Trust.

    This adds the KMS cluster to vCenter, but the connection status will be "Cannot establish trust connection".
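
Clicking Trust in step 8 accepts whatever certificate the server at the configured address presents, so it helps to compare that certificate with the expected one first. The Python check below is an added example, not part of the Entrust or VMware documentation: it validates the Server address and Server port values from step 5 and compares the presented certificate's SHA-256 fingerprint with one obtained out of band from the Vault administrator. The function names, the sample address 192.0.2.10 and the out-of-band fingerprint are assumptions.

```python
import hashlib
import ipaddress
import socket
import ssl

KMIP_STANDARD_PORT = 5696  # standard KMIP port, as stated in step 5


def fetch_server_cert(host, port, timeout=5.0):
    """Return the DER certificate the server presents, without trusting it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # read the certificate only; the trust
    ctx.verify_mode = ssl.CERT_NONE  # decision is made on the fingerprint
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert(binary_form=True)


def sha256_fingerprint(der):
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def preflight(address, port, expected_fp, fetch=fetch_server_cert):
    """Return a list of findings; an empty list means the entry checks out."""
    findings = []
    try:
        ipaddress.ip_address(address)  # step 5 asks for an IP address
    except ValueError:
        return [f"server address {address!r} is not an IP address"]
    if port != KMIP_STANDARD_PORT:
        findings.append(f"warning: port {port} is not the standard KMIP port")
    try:
        der = fetch(address, port)
    except OSError as exc:  # refused, timed out, or TLS handshake failed
        findings.append(f"could not read certificate from {address}:{port}: {exc}")
        return findings
    actual = sha256_fingerprint(der)
    if actual != expected_fp.replace(" ", "").upper():
        findings.append(f"fingerprint mismatch: server presented {actual}")
    return findings


if __name__ == "__main__":
    # Constructed stand-in for a certificate so the demo runs offline.
    fake_der = b"constructed bytes, not a real certificate"
    expected = sha256_fingerprint(fake_der)
    stub = lambda host, port: fake_der
    print(preflight("192.0.2.10", 5696, expected, fetch=stub))
    print(preflight("192.0.2.10", 5696, "00:" * 31 + "00", fetch=stub))
```

Against a real server, call `preflight(address, 5696, expected_fp)` without the `fetch` argument; a non-empty result is a reason to stop before trusting the certificate.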

What to Do Next 

Establish a trusted connection between the KMS cluster and the Entrust KMIP server. How you do this depends on whether you want vSphere or Cryptographic Security Platform Vault to generate the Certificate Signing Request (CSR) used to establish the trusted connection. For more information, see Establishing a Trusted Connection with a Cryptographic Security Platform Vault-Generated CSR.