Installing KeyControl Vault from an OVA Template

Before You Begin

Make sure that:

You know the IP address and any required network connection information, such as the domain name and the DNS and gateway IP addresses, for the machine on which you are installing KeyControl Vault.

Note: You must use an IPv4 address. KeyControl Vault does not support IPv6 addresses.
You have the required permissions to install software on the target system.
The target system meets the basic system requirements described in System Requirements.
VM host affinity is enabled to avoid Admin Key Recovery due to host migration.

Important: Make sure that all KeyControl Vault nodes reside on devices that are not encrypted. KeyControl Vault has its own internal encryption, and it must be available to provide the keys for the encrypted devices before the encrypted devices can be accessed.

Procedure

Log in to your vSphere Web Client.

Note: The following procedure uses the vSphere Web Client version 6.5. If you are using a different version of the Web Client, the procedure may vary slightly.
Navigate to Hosts and Clusters.
Select Actions > Deploy OVF Template.

Note: In this context, OVF and OVA are synonymous.
On the Select template page of the Deploy OVF Template wizard, browse to the location of your OVA file.
Select the file and click Next.

Specify the appropriate installation information in the remaining pages of the Deploy OVF Template wizard. Required fields are shown in red.

On the Select configuration page, the configuration options use the following resources:

Resource	Standard Installation	Large Installation
CPUs	2	4
RAM	8 GB	16 GB
Disk	60 GB	140 GB

Entrust recommends that you select a large installation if your system meets one or more of the following criteria:

More than four nodes in the KeyControl Vault cluster.
More than 500 virtual machine heartbeats OR more than 10,000 KMIP keys across all tenants together.
More than 100,000 secrets stored.

Note: The OVA deployment method creates the disk as 60 GB, even for large configurations. After KeyControl Vault is configured, please follow the vSphere instructions on increasing the disk size and increase it to 140 GB. This will require a reboot of KeyControl Vault. You must increase the size for each node. For details, see Increasing KeyControl Vault Storage in a VM.

On the Customize template page:

If you want to specify multiple DNS servers, enter their IP addresses as a comma-separated or space-separated list.
Specify a static IPv4 address in the Host IP address field. If you have an internal IP address that differs from your external IP address due to your firewall configuration, use the internal IP address. You cannot change the IP address for the node after it has been deployed.

Note: You must use an IPv4 address. KeyControl Vault does not support IPv6 addresses.
Do not use spaces or special characters in the Hostname and Domain Name fields. Only use alphanumeric characters or hyphens (-). You cannot change the hostname after the node has been deployed.

Note: Any uppercase letters in the hostname will be translated to lowercase after the node has been deployed.

For information about the other fields in this wizard, see your vSphere Web Client documentation.

After you have finished entering the deployment information, click Next and review your choices on the Ready to complete page.
Click Finish to deploy the KeyControl Vault node.
Wait until you receive a message that the installation is complete.

You can view the installation progress in the Recent Tasks tab in the vSphere Web Client.
If you selected the large installation configuration earlier in this procedure, you need to manually change the disk size allotted to the VM from the standard 60 GB to 140 GB. The OVA template sets the appropriate number of CPUs and the memory allocation but it cannot automatically change the standard disk size.
Power on the KeyControl Vault VM.
Configure the node as needed. For details, see one of the following:
- If this is the first KeyControl Vault node in the system or if you want this to be a standalone node, follow the steps in Configuring the First KeyControl Vault Node (OVA Install).
- If you are adding this node to an existing KeyControl Vault cluster, follow the steps in Adding a New KeyControl Vault Node to an Existing Cluster (OVA Install).