Firewall Requirements

To operate a KeyControl Vault cluster in your data center or private cloud, all VMs that operate in a public cloud and all Entrust DataControl Policy Agents in the system must be able to communicate with all KeyControl Vault nodes in the cluster.

For example, the following diagram shows a cluster of two KeyControl Vault nodes. The first has an IP address of 10.238.32.90. Port 6888 is externally facing in the firewall and is mapped back to this KeyControl Vault node. The second node has an IP address of 10.238.32.91, and the externally facing port 6889 has been mapped back to this node.

When a new VM is registered, you would specify the firewall IP address and port. The VM can then communicate with the KeyControl Vault node through the firewall via port 443 (HTTPS).
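
The port mapping described above could be expressed on a Linux firewall with nftables as follows. This is an added example, not Entrust's own configuration. It assumes the firewall's external address is 203.0.113.10 (a documentation placeholder), that each node listens on 443 as stated above, that the firewall is the nodes' return route, and that forwarding is default-deny.

```nft
# Constructed example: the table name and the external address are placeholders.
table ip keycontrol {
    # The two KeyControl Vault nodes from the example cluster
    set vault_nodes {
        type ipv4_addr
        elements = { 10.238.32.90, 10.238.32.91 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # One external port per node, so every node stays individually reachable
        ip daddr 203.0.113.10 tcp dport 6888 dnat to 10.238.32.90:443
        ip daddr 203.0.113.10 tcp dport 6889 dnat to 10.238.32.91:443
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for connections that were already admitted
        ct state established,related accept

        # Admit only new connections that came through the mappings above
        # and end on HTTPS at a vault node; everything else is dropped
        ip daddr @vault_nodes tcp dport 443 ct status dnat ct state new accept
    }
}
```

Matching on `ct status dnat` keeps the forward rule tied to the two published ports, so a route that reaches the nodes' internal addresses directly is not admitted by this rule.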