Adding a New KeyControl Node to an Existing Cluster (OVA Install)

When you log into the target system for the first time after installing the KeyControl software, KeyControl displays the KeyControl System Menu. This procedure explains how to use this menu to configure this system as a new node in an existing KeyControl cluster.

Before You Begin 

Make sure you know the IP address of any KeyControl node that is already part of the cluster you want to join.

Procedure 

  1. Log into the VM on which you installed the KeyControl software.
  2. Enter a password for the KeyControl system administration account htadmin and press Enter. The password must contain at least 6 characters and cannot contain spaces or any non-ASCII characters.

    This password controls access to the HyTrust KeyControl System Console that allows users to perform some KeyControl administration tasks. It does not permit a KeyControl user to access the full OS.

    Important: Make sure you keep this password in a secure place. If you lose the password, you will need to contact HyTrust Support. For security reasons, KeyControl does not provide a user-accessible password recovery mechanism.

  3. On the System Configuration screen, select Add KeyControl Node to Existing Cluster and press Enter.
  4. At the prompt, press Enter to confirm that you want to add the node to an existing cluster.
  5. Type the IP address of any KeyControl node already in the cluster and press Enter. KeyControl begins the initial configuration process for the node.

  6. If prompted, type a one-time passphrase for this KeyControl node and press Enter.

    The passphrase must contain at least 16 alphanumeric characters. It cannot contain spaces or special characters. This phrase is a temporary string used to encrypt the initial communication between this node and the existing KeyControl cluster. When you authenticate the new node with the existing cluster, you will specify this passphrase in the KeyControl webGUI so that the existing node can decrypt the communication and verify that the join request is valid.

    If the wizard can connect to the designated KeyControl node, it displays the Authentication screen informing you that the node is now part of the cluster but must be authenticated in the KeyControl webGUI before it can be used by the system.

  7. Authenticate the node in the KeyControl webGUI as described in Authenticating New KeyControl Nodes.

    When the Joining KeyControl Cluster screen displays a message stating that a Domain Administrator needs to authenticate the new node, log into the KeyControl webGUI on that node and authenticate the new server. After the node has been authenticated, KeyControl continues the setup process.

  8. Once the authentication process is finished, KeyControl displays a message stating that the node was successfully added to the cluster and showing the IP address for the node. Press Enter to acknowledge the message.
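
Steps 2 and 6 set character rules for the htadmin password and the one-time passphrase. The following Python example, added here and not part of the HyTrust documentation or product, generates a random passphrase that satisfies step 6 and checks candidates against both rules. It assumes "alphanumeric" means ASCII letters and digits and treats any whitespace as a space; all function names are illustrative.

```python
import math
import secrets
import string

# Assumption: "alphanumeric" on this page means ASCII letters and digits only.
ALNUM = string.ascii_letters + string.digits
MIN_PASSPHRASE_LEN = 16  # from step 6
MIN_HTADMIN_LEN = 6      # from step 2


def new_join_passphrase(length: int = 24) -> str:
    """Return a random one-time passphrase drawn from the OS CSPRNG."""
    if length < MIN_PASSPHRASE_LEN:
        raise ValueError(f"passphrase must be at least {MIN_PASSPHRASE_LEN} characters")
    return "".join(secrets.choice(ALNUM) for _ in range(length))


def valid_join_passphrase(candidate: str) -> bool:
    """Check the step 6 rules: 16+ characters, letters and digits only."""
    # str.isalnum() would accept non-ASCII letters such as 'é', so compare
    # against the explicit ASCII set instead.
    return len(candidate) >= MIN_PASSPHRASE_LEN and all(c in ALNUM for c in candidate)


def valid_htadmin_password(candidate: str) -> bool:
    """Check the step 2 rules: 6+ characters, ASCII only, no spaces."""
    # Assumption: any whitespace character (tab, newline) counts as a space.
    return (len(candidate) >= MIN_HTADMIN_LEN
            and candidate.isascii()
            and not any(c.isspace() for c in candidate))


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random alphanumeric string of this length."""
    return length * math.log2(len(ALNUM))


if __name__ == "__main__":
    phrase = new_join_passphrase()
    assert valid_join_passphrase(phrase)
    print(phrase)
    print(f"{entropy_bits(len(phrase)):.0f} bits of entropy")
```

Because the same passphrase is typed on the new node's console and then in the webGUI of the existing cluster, generate it once and discard it after the node has been authenticated.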

What to Do Next 

  • To create a dedicated webGUI account with Cloud Admin privileges that you can use to install the HyTrust DataControl Policy Agent, see Creating a Cloud Admin User Account.
  • To create at least one Cloud VM Set into which you can put the VMs you plan to encrypt, see Creating a Cloud VM Set.