Configuring Auto Rekey for a Cloud VM Set
You can configure KeyControl to automatically rekey all disks on all VMs in a Cloud VM Set on a specific schedule. This provides additional security but may impact system performance depending on the size of the encrypted disks and the server load.
For maximum flexibility, you can override the default Auto Rekey settings on a VM by VM basis as well. For details, see Configuring Auto Rekey for a VM.
| Note: | If you configure Auto Rekey for a Cloud VM Set that has the Single Encryption Key (SEK) option enabled, KeyControl uses the current version of the SEK key when it performs the auto rekey. It does not automatically create a new SEK key version. If you want to automatically rekey all of the encrypted disks |
Procedure
- Log into the KeyControl webGUI on any node in the cluster using an account with Cloud Admin privileges.
- In the top menu bar, click Cloud.
- Select the Cloud VM Set for which you want to configure Auto Rekey.
-
Set the following properties on the Details tab:
Option
Description
Max Parallel Rekey Operations
The number of concurrent Auto Rekey operations that can be performed for VMs in the Cloud VM Set. The default is 1.
Rekey Interval
If you specify any value other than 0 (zero) for this option, KeyControl periodically creates a rekey task for every encrypted disk in
To disable Auto Rekey, enter 0 in this field. By default, Auto Rekey is disabled.
-
When you are finished entering a value in each field, click Save. KeyControl sends the changes to the VMs in the Cloud VM Set on the next heartbeat.
- You can track the progress of all rekey operations on the Dashboard in the Tasks tile.
|
Follow us: |
