Configuring the First KeyControl Node (ISO Install)

When you reboot the target system after installing the KeyControl software from an ISO image, KeyControl launches the HyTrust SecureOS System Configuration wizard. This procedure explains how to use the wizard to configure this node as the first KeyControl node in the system.

  1. On the Installation Type screen, select Initial KeyControl Appliance and press Enter.
  2. Press Enter to confirm the selected installation type at the prompt.
  3. On the Set System Password screen, enter a password for the KeyControl system and press Enter. The password must contain at least 6 characters and cannot contain spaces or any non-ASCII characters.

    This password cannot be reset from within KeyControl. If you lose the password, you will need to re-install the KeyControl software.

    Note: This password controls access to the System Console Menu that allows users to perform some KeyControl administration tasks. It does not permit a KeyControl user to access the full OS.
  4. If there are multiple NICs on the network, select the first NIC you want to use and press Enter.

  5. On the HyTrust SecureOS Network Configuration screen, select the type of network you want to use for communication between the KeyControl nodes in the cluster and between the KeyControl nodes and the HyTrust DataControl Policy Agents running on the encrypted VMs in the system. You can select:

    • Use DHCP — Communication uses Dynamic Host Configuration Protocol. When you select this option, KeyControl queries the network and gathers as much information as it can automatically. This option is generally used for testing or proof of concept systems. Because KeyControl requires a static IP address, you should not use this option unless you manage your IP address assignments through your DHCP server.
    • Custom Configuration — KeyControl does not attempt to gather any network information automatically. Instead, you must specify all network information on the Network Configuration screen.
    • VLAN Configuration — Communication uses a virtual LAN. KeyControl queries the network and gathers as much information as it can automatically.

    After you have selected the network configuration type, select OK and press Enter.

  6. If you selected VLAN Configuration, type the VLAN ID at the prompt, then select OK and press Enter.

  7. On the Network Configuration screen, enter the hostname and review any network information the wizard automatically gathered. Make any required additions or modifications.

    • The hostname can contain any alphanumeric characters or hyphens (-). You cannot specify spaces or any other special characters in this field.
    • To enter multiple DNS addresses, separate them with a comma. For example, you could enter 192.168.162.2,192.168.162.3.

    • Make sure you specify a static IP address for the KeyControl node. If you specified DHCP as the communication protocol, this assignment must be done through your DHCP server.
    • For all network types, the NTP Servers configuration defaults to a set of pooled servers provided by ntp.org. This default is set by FreeBSD.
  8. When you have finished specifying the network information, select OK and press Enter. The installer restarts the network services to verify that the connection settings are correct.

    If the network is correctly configured, the wizard displays a final screen indicating success and showing the IP address for the KeyControl webGUI. Make a note of this IP address as you will need it to initialize the KeyControl webGUI.

    If the network is not correctly configured, you will be prompted to change the settings until KeyControl can connect to the network. The installation process will not complete without a valid network connection.

  9. To complete the installation, press Enter.

    KeyControl displays the System Console Menu. From this point forward, KeyControl displays this menu whenever you log into the target system as root.
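
Because the system password cannot be reset, it helps to check the planned values against the rules in steps 3 and 7 before starting the wizard. The following is an added example, not HyTrust code: the function names and sample values are constructed, and reading "alphanumeric" as ASCII letters and digits and flagging a space after the comma in the DNS list are assumptions.

```python
import ipaddress
import string

# Assumption: "alphanumeric" in step 7 means ASCII letters and digits.
HOSTNAME_CHARS = set(string.ascii_letters + string.digits + "-")


def check_password(password):
    """Step 3: at least 6 characters, no spaces, no non-ASCII characters."""
    problems = []
    if len(password) < 6:
        problems.append("password must contain at least 6 characters")
    if " " in password:
        problems.append("password cannot contain spaces")
    if not password.isascii():
        problems.append("password cannot contain non-ASCII characters")
    return problems


def check_hostname(hostname):
    """Step 7: alphanumeric characters or hyphens only."""
    problems = []
    if not hostname:
        problems.append("hostname is empty")
    bad = sorted(set(hostname) - HOSTNAME_CHARS)
    if bad:
        problems.append("hostname has disallowed characters: " + repr("".join(bad)))
    return problems


def check_dns_list(value):
    """Step 7: multiple DNS addresses are separated with a comma."""
    problems = []
    for entry in value.split(","):
        try:
            # Assumption: entries are bare IP addresses with no padding,
            # as in the page's example 192.168.162.2,192.168.162.3.
            ipaddress.ip_address(entry)
        except ValueError:
            problems.append("not a valid DNS server address: " + repr(entry))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not from a real deployment.
    planned = [check_password("abc d"), check_hostname("kc_node.01"),
               check_dns_list("192.168.162.2, 192.168.162.3")]
    for problem in sum(planned, []):
        print("FIX BEFORE INSTALL:", problem)
```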

What to Do Next 

Set up the KeyControl webGUI as described in Initializing the KeyControl webGUI.

Tip: If you do not remember the management IP address for the webGUI, from the System Console Menu, select 1 Manage Network Settings > 1 Show Current Network Configuration.