Configuring Multiple NICs on an Existing KeyControl Node

When you deploy a new KeyControl node, you configure the management interface during that process. We strongly recommend that you do not change this interface after you have deployed the node if the node is part of a cluster or if there are VMs registered with the node.

The following procedure describes how to add and configure additional NICs on an already-deployed node. For details about deploying a new KeyControl node, see Installing KeyControl from an OVA Template or Installing the First KeyControl Node from an ISO Image.

Warning: During the following procedure, the node will be unavailable at certain points. If the node is part of a cluster, the cluster will become degraded if the node is unreachable for too long. If the node is a standalone node, any VMs registered with the node will be unable to retrieve their keys while the node is offline.

In addition, if the node is part of a cluster and you want to change the management interface, you must remove the node from the cluster first.

  1. If the additional NICs you want to use have not yet been configured on the VM in which the KeyControl node is running, do the following:

    1. If the KeyControl node is powered on, shut it down using your hypervisor or the node's HyTrust KeyControl System Console. For details, see Using the KeyControl HyTrust KeyControl System Console.
    2. In your hypervisor, add the new NICs to the KeyControl VM and configure them using your corporate standards.

      Note: Make sure that the new NICs use the same adapter type as the existing NICs. For example, if the management interface NIC is of type VMXNET, the new NICs must be of type VMXNET as well.

    3. Make a note of the MAC address you are using for each NIC. When the NICs are displayed in KeyControl, they are identified by their MAC address. Therefore, when you go to configure the NIC in KeyControl later in this procedure, you will need to know its MAC address.
    4. Power on the KeyControl VM.
  2. Log in as root on the KeyControl node whose NICs you want to configure.

    KeyControl displays the HyTrust KeyControl System Console TUI (Text-based User Interface).

  3. Select Manage Network Settings.
  4. Select Change Current Network Configuration.
  5. Select the NIC you want to configure and press Enter.

    The management interface is designated with an * (asterisk). We strongly recommend that you do not change this interface after deployment if this node is part of a KeyControl cluster or any VMs are registered with this node. If you select the management interface, acknowledge the configuration request at the prompt.

  6. On the HyTrust SecureOS Network Configuration screen, select the type of network you want to use for communication between the KeyControl nodes in the cluster and between the KeyControl nodes and the HyTrust DataControl Policy Agents running on the encrypted VMs in the system. You can select:

    • Use DHCP — Communication uses Dynamic Host Configuration Protocol. When you select this option, KeyControl queries the network and gathers as much information as it can automatically. This option is generally used for testing or proof of concept systems. Because KeyControl requires a static IP address, you should not use this option unless you manage your IP address assignments through your DHCP server.
    • Custom Configuration — KeyControl gathers any network information it can find and displays the Network Configuration screen. If the node was deployed from an OVA template, KeyControl displays the network information entered during deployment.
    • VLAN Configuration — Communication uses a virtual LAN. KeyControl queries the network and gathers as much information as it can automatically.

    After you have selected the network configuration type, select OK and press Enter.

  7. If you selected VLAN Configuration, type the VLAN ID at the prompt, then select OK and press Enter.
  8. On the Network Configuration screen, review any network information the wizard automatically gathered and make any required additions or modifications. While you do so, keep in mind:

    • Changing the hostname on one NIC changes it for all NICs, including the management interface NIC. If this node is part of a cluster, you should not change the hostname for the node.
    • All NICs must use the same default gateway and DNS server list. If you change these fields on one NIC, KeyControl automatically changes them for all NICs.

    • Make sure you specify a static IP address for the KeyControl node. If you specified DHCP as the communication protocol, this assignment must be done through your DHCP server.
    • For all network types, the NTP Servers configuration defaults to a set of pooled servers provided by ntp.org. This default is set by FreeBSD.
  9. When you have finished specifying the network information, select OK and press Enter.

    KeyControl restarts the network services using the new configuration. Contact with the node via the KeyControl webGUI or by any VMs registered with the node will be unavailable until the restart is finished.

    When the network finishes restarting, KeyControl displays the HyTrust KeyControl System Console.

  10. Repeat the preceding steps for any other NICs you want to configure. KeyControl will restart the network services and the node will be unreachable for a short time after each configuration change.
  11. If you want to verify the configuration information, select Manage Network Settings. From there, you can select:

    • Show Current Configuration Parameters to view a list of the configured NICs with their IP addresses and netmasks. The management interface IP address is shown in the hcs_management_if field.
    • Show Current Configured Interfaces to view the ifconfig output for the available NICs.
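
The following is an added example, not part of the KeyControl product or its documentation: a small Python check that compares the MAC addresses noted in step 1 with ifconfig output copied from Show Current Configured Interfaces. It assumes the output uses the standard FreeBSD ifconfig layout; the function names, MAC addresses and IP addresses are constructed for illustration.

```python
import re

# Constructed sample in FreeBSD ifconfig layout (assumed; not captured from a real node).
SAMPLE_IFCONFIG = """\
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:50:56:aa:00:01
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
\tstatus: active
vmx1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:50:56:aa:00:02
\tinet 198.51.100.10 netmask 0xffffff00 broadcast 198.51.100.255
\tstatus: active
vmx2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:50:56:aa:00:03
\tstatus: no carrier
"""

def parse_ifconfig(text):
    """Return {mac: {"name", "ips", "status"}} for every interface with an ether line."""
    nics, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+?): flags=", line)
        if head:  # an unindented "name: flags=" line starts a new interface
            cur = {"name": head.group(1), "ips": [], "status": None}
            continue
        fields = line.split()
        if cur is None or not fields:
            continue
        if fields[0] == "ether" and len(fields) > 1:
            nics[fields[1].lower()] = cur
        elif fields[0] == "inet" and len(fields) > 1:
            cur["ips"].append(fields[1])
        elif fields[0] == "status:":
            cur["status"] = " ".join(fields[1:])
    return nics

def check_nics(expected, ifconfig_text):
    """expected maps each noted MAC to its planned static IP; returns a list of problems."""
    nics, problems = parse_ifconfig(ifconfig_text), []
    for mac, ip in expected.items():
        nic = nics.get(mac.lower())
        if nic is None:
            problems.append(f"{mac}: no interface with this MAC")
        elif ip not in nic["ips"]:
            problems.append(f"{mac} ({nic['name']}): expected {ip}, found {nic['ips'] or 'no address'}")
        elif nic["status"] != "active":
            problems.append(f"{mac} ({nic['name']}): link status is {nic['status']}")
    return problems
```

An empty list from check_nics means every noted MAC is present, carries its planned address, and reports an active link.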