Registering a Cloned VM with Simplified Authentication

Backups, clones, and snapshots look identical to KeyControl Vault. If you want both a VM and its clone running at the same time, you need to clone the VM certificate issued to the original VM and then register the clone using that certificate.

If the root drive is encrypted on the VM, you must register the certificate from the debug console or the VM console. For details, see Registering a Linux Root-Drive-Encrypted Cloned VM with Simplified Authentication.

If only data drives are encrypted on the VM, there are two ways to register the certificate:

  • Standard Authentication—The most secure authentication method. You create a certificate in the KeyControl webGUI which you then copy to the target system. For details, see .
  • Simplified Authentication—The easiest method. It allows you to skip downloading a certificate from KeyControl Vault, but it does require you to enter the KeyControl Vault credentials on the command line. You should only use this method if the VM is secure. This method is described below.

Procedure 

  1. For Linux, log into the VM as root. For Windows, log in as a System Administrator and open a Command Prompt or start Windows PowerShell.
  2. Update the certificate on the cloned VM by entering the command hcl updatecert -a [-u username -p password] [-e certificate expiration], where:

    • -a tells hcl to contact KeyControl Vault to get the new certificate.
    • -u is a KeyControl Vault user account with Cloud Admin privileges. If you do not enter a user account name you will be prompted for one.
    • -p is the password for the KeyControl Vault user account. If you do not enter a password you will be prompted for one.
    • -e is the certificate expiration date in the format MM/DD/YYYY. If you do not enter an expiration date, KeyControl Vault uses the default date set in the Certificate Expiration option for the Cloud VM Set that this VM belongs to. The default is one year from the creation date.

    For example:

    # hcl updatecert -a -u CloudAdmin -p DogDays123! -e 06/30/2022

  3. Register the VM with KeyControl Vault by entering the following command:

    hcl register -a -c [-h vm-name] [-d "vm-description"] [-u username [-p password]] [-z cvm-set] kc-hostname[:port],kc-hostname2[:port],...

    where:

    • -a indicates that hcl should download the VM certificate from KeyControl Vault and do the registration and authentication in one step.
    • -c indicates that this is a cloned VM.
    • -h (optional) — The name of the clone VM that will be displayed in the KeyControl webGUI (Default: hostname).
    • -d (optional) — A description of the clone VM that will be displayed in the KeyControl webGUI.
    • -u is a KeyControl Vault user account with Cloud Admin privileges. If you do not enter a user account you will be prompted for one.
    • -p is the password for the KeyControl Vault user account. If you do not enter a password you will be prompted for one.
    • -z (optional) — The name of the Cloud VM Set defined in the KeyControl Vault cluster to which you want to assign this VM. If you do not specify this parameter, the registration prompts you for the set name.
    • kc-hostname[:port],kc-hostname2[:port],... (required) — The list of IP addresses or hostnames for the KeyControl Vault nodes with which you want to register the VM. You must specify at least one KeyControl Vault node in this list. You must also specify a port if the KeyControl Vault nodes use anything other than the default port (443). On Windows, if you specify more than one IP address, enclose the list in double-quotes.

    For example, if the clone VM name is "hq-vm-clone", the description is "Clone of HQ Server", and you want to register it with two KeyControl Vault nodes at 10.238.32.74 and 10.238.32.75, you would enter:

    # hcl register -a -c -h hq-vm-clone -d "Clone of HQ Server" 10.238.32.74,10.238.32.75
    Please provide the KeyControl login details
    username: htcloudadmin
    password:  ********
    
    Registered as hq-vm-clone with KeyControl node(s) 10.238.32.74,10.238.32.75
    
    Completing authentication for hq-vm-clone on KeyControl node(s) 10.238.32.74,10.238.32.75
    Authentication complete, machine ready to use
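
The two steps above can be wrapped in one shell function for Linux that validates its input and leaves out -p, so that hcl prompts for the password. This is an added example, not code from the KeyControl Vault documentation; the function names, the HCL variable, and the restriction to IPv4 addresses or DNS names are assumptions.

```shell
#!/bin/sh
# Added example: wrapper for the two-step clone procedure (updatecert, register).
HCL=${HCL:-hcl}   # assumption: hcl is on PATH; set HCL=echo for a dry run

# Accept only MM/DD/YYYY, the format the -e option expects.
# Checks month and day ranges, not the number of days in each month.
valid_expiry() {
  case "$1" in
    [0-1][0-9]/[0-3][0-9]/[0-9][0-9][0-9][0-9]) ;;
    *) return 1 ;;
  esac
  m=${1%%/*}; d=${1#*/}; d=${d%%/*}
  m=${m#0}; d=${d#0}          # drop one leading zero before comparing
  [ "$m" -ge 1 ] && [ "$m" -le 12 ] && [ "$d" -ge 1 ] && [ "$d" -le 31 ]
}

# Accept a comma-separated list of host[:port] entries with no spaces or
# empty items (assumption: IPv4 addresses or DNS names only).
valid_nodes() {
  case "$1" in
    ''|*[!A-Za-z0-9.:,-]*|,*|*,|*,,*) return 1 ;;
  esac
}

# register_clone USER EXPIRY VM_NAME DESCRIPTION NODE_LIST
register_clone() {
  user=$1 expiry=$2 name=$3 desc=$4 nodes=$5
  valid_expiry "$expiry" || { echo "expiry must be MM/DD/YYYY" >&2; return 2; }
  valid_nodes "$nodes" || { echo "node list must be host[:port],..." >&2; return 2; }
  # -p is left out on purpose: hcl prompts for the password, which keeps it
  # out of shell history and the process list.
  "$HCL" updatecert -a -u "$user" -e "$expiry" || return 1
  # -z is also omitted, so registration prompts for the Cloud VM Set name.
  "$HCL" register -a -c -h "$name" -d "$desc" -u "$user" "$nodes"
}

# Usage (values from the examples above):
# register_clone CloudAdmin 06/30/2022 hq-vm-clone "Clone of HQ Server" 10.238.32.74,10.238.32.75
```

Running with HCL=echo prints the two hcl command lines without contacting KeyControl Vault, which is a quick way to check the arguments before a real run.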