KMIP Client and Server Configuration

KMIP (Key Management Interoperability Protocol) enables the secure creation and storage of keys and other security objects on a key management server. You can configure KeyControl as a KMIP client and then store the Admin key on a third-party KMIP server instead of having each Security Admin hold a part of the key.

Note:

You can also use a HSM (Hardware Security Module) to store the Admin Key. For details, see Hardware Security Modules with KeyControl.

KeyControl also includes a fully functional KMIP server that you can use to serve requests from external KMIP clients. The KMIP server is required if you want to use KeyControl with servers encrypted by vSphere. For details, see HyTrust KeyControl with VMware vSphere VM and VSAN Encryption. This integration is further enhanced if you have linked KeyControl with a HyTrust CloudControl server. The Inventory feature in HTCC provides an identifier that links each VM to its associated KMIP objects.

For details on KMIP, see the KMIP Technical Committee home page. For troubleshooting and error messages, see KMIP Errors and Troubleshooting.

HyTrust DataControl v 4.1