KMIP Client and Server Configuration
KMIP (Key Management Interoperability Protocol) enables the secure creation and storage of keys and other security objects on a key management server. You can configure KeyControl as a KMIP client and then store the Admin key on a third-party KMIP server instead of having each Security Admin hold a part of the key.
Note: You can also use an HSM (Hardware Security Module) to store the Admin key. For details, see Hardware Security Modules with KeyControl.
In addition, KeyControl includes a fully functional KMIP server that you can use to serve requests from external KMIP clients. The KeyControl KMIP server supports KMIP versions 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.1, and 3.0. The KMIP server is required if you want to use KeyControl with VMs and VSAN datastores encrypted by vSphere. For details, see
If you have linked KeyControl with an Entrust CloudControl server version 5.1 or later, the Inventory feature in CloudControl provides an identifier that links each VM with its associated KMIP objects.
Tip: If you have two separate KeyControl clusters, you can store the Admin key for one cluster in the KMIP server on the other cluster. The clusters must be completely separate, however: you cannot store the Admin key for a cluster in the KMIP server running on that same cluster.
For details on KMIP, see the KMIP Technical Committee home page. For troubleshooting and error messages, see KMIP Errors and Troubleshooting.