Installation Overview

This document contains the standard installation procedures for Entrust KeyControl Vault. For installation on Amazon Web Services, see KeyControl Vault and DataControl in Amazon Web Services. For installation on Azure, see KeyControl Vault and DataControl in Microsoft Azure.

To configure a basic KeyControl Vault cluster and register one or more VMs with that cluster, you need to install KeyControl Vault on one or more servers and then install the Policy Agent on each VM you want to register. To do so:

Step

 Description Notes

1 

 Verify that the systems you want to use meet the basic system requirements. See System Requirements.

2 

Install the KeyControl Vault software on the target system.

Important: Make sure that all KeyControl Vault nodes reside on devices that are not encrypted. KeyControl Vault has its own internal encryption, and it must be available to provide the keys for the encrypted devices before the encrypted devices can be accessed.

If you want to use VMware vCenter to deploy KeyControl Vault using an OVA template, see KeyControl Vault OVA Installation.

If you want to install KeyControl Vault on an existing VM, see KeyControl Vault ISO Installation.

3 

Configure the first KeyControl Vault node and initialize the KeyControl webGUI.

For OVA, see Configuring the First KeyControl Vault Node (OVA Install).

For ISO, see Installing the First KeyControl Vault Node from an ISO Image.

4 

 If desired, install additional KeyControl Vault nodes and join them to the cluster. The number of nodes you can install is dictated by your KeyControl Vault license.

For OVA, see KeyControl Vault OVA Installation followed by Adding a New KeyControl Vault Node to an Existing Cluster (OVA Install).

For ISO, see Installing a New KeyControl Vault Cluster Node from an ISO Image.

5 

Optionally, create a KeyControl Vault user with Cloud Admin privileges.

The Policy Agent installation process requires you to specify a KeyControl Vault user account with Cloud Admin privileges.

While you can use the default secroot account for this purpose, you may want to create a separate account with limited permissions instead of exposing the secroot password on the VM.

For details, see Creating a Cloud Admin User Account.

6 

Create at least one Cloud VM Set into which you can put the VMs you plan to encrypt.

A Cloud VM Set is required when you register the Policy Agent with KeyControl Vault.

For details, see Creating a Cloud VM Set.

7 

Install the Entrust DataControl Policy Agent on each VM that you want to encrypt.

For Linux, see Linux Policy Agent Installation.

For Windows, see Windows Policy Agent Installation.

Note: A 30-day license key is shipped with the product and will be activated when you install and configure the first KeyControl Vault node. This trial license allows you to install up to two KeyControl Vault nodes, encrypt up to 5 virtual machines, and use all product features. For details about managing your licenses, see Upgrading Your Trial License.