Adding a KMS Cluster in vSphere
- Launch the vSphere Web Client and log into the vCenter server that you want to add to Entrust KeyControl Vault.
- Select the vCenter Server in the Global Inventory Lists.
- Click Configure.
- Select Key Management Servers.
- Click Add KMS and set the following configuration options:

| Option | Description |
|---|---|
| KMS cluster | Select <Create new cluster>. |
| Cluster name and Server alias | Enter a name and alias for the cluster. These names are local to vSphere and are not used by KeyControl Vault. |
| Server address | The IP address for the Entrust KMIP server. This IP address must match the KeyControl Vault KMIP server Host Name shown in the KeyControl webGUI. Important: Make sure that the KMIP server resides on a device that is not encrypted. The KMIP server must be available to provide the keys for the encrypted devices before the encrypted devices can be accessed. |
| Server port | The port number for the Entrust KMIP server. The KMIP standard port is 5696. |
| Proxy address and Proxy port | Enter this information if required by your network administrator. |
| User name and Password | Optional: The user name or password for the KMS cluster. |

- Click OK.
- When prompted, click Yes to make this the default KMS cluster.
- In the Trust Certificate dialog box, click Trust.
  This adds the KMS cluster to vCenter, but the connection status will be "Cannot establish trust connection".
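
A check that can be run before the Trust Certificate step, added here as an example (it is not Entrust or VMware code): it fetches the certificate presented on the KMIP port and compares its SHA-256 fingerprint with a value obtained out of band. The function names and the out-of-band fingerprint (for example, supplied by the KeyControl Vault administrator) are assumptions; only the port 5696 comes from this page.

```shell
#!/bin/sh
# Added example: confirm which certificate the KMIP server presents
# before trusting it in vCenter. Function names are hypothetical.

KMIP_PORT=5696   # KMIP standard port, as stated in the options table

# Reduce a fingerprint to bare upper-case hex so that "AA:bb", "aa bb"
# and "sha256 Fingerprint=AA:BB" all compare equal.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \t\r\n' | tr '[:lower:]' '[:upper:]'
}

# Succeed only if the first value is 64 hex digits (SHA-256) and both match.
fp_matches() {
    fp_a=$(normalize_fp "$1")
    fp_b=$(normalize_fp "$2")
    [ "${#fp_a}" -eq 64 ] || return 1
    case $fp_a in *[!0-9A-F]*) return 1 ;; esac
    [ "$fp_a" = "$fp_b" ]
}

# Print the SHA-256 fingerprint of the certificate the server presents.
# The chain is deliberately not validated here: the goal is to see the
# certificate and compare it with a value from a trusted channel.
kmip_cert_fp() {
    openssl s_client -connect "$1:${2:-$KMIP_PORT}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Usage: sh check_kmip_cert.sh <kmip-server-ip> <expected-sha256> [port]
if [ "$#" -ge 2 ]; then
    port=${3:-$KMIP_PORT}
    seen=$(kmip_cert_fp "$1" "$port") || {
        echo "no certificate received from $1:$port" >&2
        exit 2
    }
    if fp_matches "$seen" "$2"; then
        echo "MATCH    $(normalize_fp "$seen")"
    else
        echo "MISMATCH presented=$(normalize_fp "$seen")" >&2
        exit 1
    fi
fi
```

Exit status 2 means no certificate was received at the configured address and port, which points to a reachability problem rather than a trust problem.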
What to Do Next
Establish a trusted connection between the KMS cluster and the Entrust KMIP server. How you do this depends on whether you want vSphere or KeyControl Vault to generate the Certificate Signing Request (CSR) used to establish the trusted connection. For more information, see Establishing a Trusted Connection with a KeyControl Vault-Generated CSR.