Configuring Auto Rekey for a Cloud VM Set

You can configure KeyControl to automatically rekey all disks on all VMs in a Cloud VM Set on a specific schedule. This provides additional security but may impact system performance depending on the size of the encrypted disks and the server load.

For maximum flexibility, you can also override the default Auto Rekey settings on a VM-by-VM basis. For details, see Configuring Auto Rekey for a Windows VM.

Considerations when using Auto Rekey:

Procedure 

  1. Log in to the KeyControl webGUI on any node in the cluster using an account with Cloud Admin privileges.
  2. In the top menu bar, click Cloud.
  3. Select the Cloud VM Set for which you want to configure Auto Rekey.
  4. Set the following properties on the Details tab:

    Option: Max Parallel Rekey Operations
    Description: The number of concurrent Auto Rekey operations that can be performed for VMs in the Cloud VM Set. The default is 1.

    Option: Rekey Interval
    Description: If you specify any value other than 0 (zero) for this option, KeyControl periodically creates a rekey task for every encrypted Windows disk in every Windows VM that is registered with this Cloud VM Set. You can select any number of days, weeks, months, or years and KeyControl will automatically rekey the Windows disks on that schedule.

    To disable Auto Rekey, enter 0 in this field. By default, Auto Rekey is disabled.

    Note: The Auto Rekey feature only works with Windows disks. If this Cloud VM Set contains Linux VMs, those disks will not be automatically rekeyed. To manually rekey a disk, see Rekeying a Disk Using the webGUI or Rekeying a Disk using the CLI.
  5. When you are finished entering a value in each field, click Save. KeyControl sends the changes to the VMs in the Cloud VM Set on the next heartbeat.

  6. You can track the progress of all rekey operations on the Dashboard in the Tasks tile.