Configuring a KMIP Server

Once you have your KeyControl cluster configured, you need to enable the included KMIP server. This server becomes the vSphere KMS (Key Management Server) when you establish a trusted connection between vSphere and KeyControl.

If you have already enabled the KMIP server in the cluster, make sure the configuration settings match the ones given below.

Note: For details about the HyTrust KMIP server implementation and how to manage KMIP server objects, see KMIP Client and Server Configuration.
  1. Log in to the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.
  2. Click the KMIP icon at the top of the screen.
  3. Click the Basic tab and set the following configuration options:

    Option: State
    Setting: ENABLED
    Description: To change the state:

      1. Click Disabled. The text changes to Enabled?.
      2. Click the check box next to Enabled?.
      3. Click Save.

    Option: Advanced Clustering
    Setting: ENABLED
    Description: Any changes to a KMIP object will be automatically available to any nodes in the cluster.

    Option: Protocol
    Setting: Version 1.1
    Description: This value is dependent on the vSphere-supported versions.

  4. Click Apply and confirm your changes when prompted.

What to Do Next 

Create a new user on the KMIP server and download the user certificates as described in Creating a User for VMware Encryption.