Configuring the First KeyControl Node (OVA Install)

This procedure explains how to use this console to configure this system as the first KeyControl node in the system. If you want to join this node with an existing KeyControl node, see Adding a New KeyControl Node to an Existing Cluster (OVA Install).

  1. Log into the system on which you installed the KeyControl software. The KeyControl installer will automatically start running as soon as the VM is powered on.

  2. Enter a password for the KeyControl system administration account htadmin and press Enter. The password must contain at least 6 characters and cannot contain spaces or any non-ASCII characters.

    This password controls access to the HyTrust KeyControl System Console that allows users to perform some KeyControl administration tasks. It does not permit a KeyControl user to access the full OS.

    Important: Make sure you keep this password in a secure place. If you lose the password, you will need to contact HyTrust Support. For security reasons, KeyControl does not provide a user-accessible password recovery mechanism.

  3. From the System Configuration page, select Install Initial KeyControl Node and press Enter. The installer configures KeyControl and then starts the appropriate services. This process will take a few minutes to complete. When the installer has finished, KeyControl displays a confirmation dialog stating that the setup was completed successfully.
  4. Review the confirmation dialog that provides the URL of the KeyControl webGUI (also known as the Management IP Address). You will need this URL in the next step.

    When you are done, press Enter to finish the installation. KeyControl displays the CentOS login prompt.

  5. To initialize the KeyControl webGUI and finish the configuration of the first node, do the following:

    1. Use a web browser to navigate to https://node-ip-address, where node-ip-address is the Management IP address. For security reasons, you must explicitly specify https:// in the URL.

    2. If prompted, add a security exception for the KeyControl IP address and proceed to the KeyControl webGUI.

      KeyControl uses its own Root Certificate Authority to create its security certificate, which means that certificate will not be recognized by the browser. For details, see KeyControl Certificates.

    3. On the HyTrust KeyControl Login page, enter secroot for both the username and password.
    4. Review the EULA (end user license agreement). When you are done, click I Agree to accept the license terms.
    5. On the Change Password page, enter a new password for the secroot account and click Update Password.

    6. On the Configure E-Mail and Mail Server Settings page, specify your email settings.

      If you specify an email address, KeyControl sends an email with the Admin Key for the new node. It also sends system alerts to this email address.

      To disable alerts, select the Disable e-mail notifications checkbox. You can then download the Admin Key from the Settings tab in the webGUI.

    7. When you are done, click Continue.
    8. On the Automatic Vitals Reporting page, specify whether you want to enable or disable Automatic Vitals Reporting.

      Automatic Vitals Reporting lets you automatically share information about the health of your KeyControl cluster with HyTrust Support. If you enable this service, KeyControl periodically sends an encrypted bundle containing system status and diagnostic information to a secure HyTrust server. HyTrust Support may proactively contact you if the Vitals Service identifies issues with the health of your cluster.

      KeyControl Security Admins can enable or disable this service at any time by selecting Settings > Vitals in the KeyControl webGUI. For details, see Configuring Automatic Vitals Reporting.

    9. When you are finished, click Save & Continue.

      KeyControl displays the KeyControl webGUI. For details about the tasks you can perform from the webGUI, see the Administration Guide.

    10. If you are using IE, import the certificate and add the KeyControl IP address to the trusted sites list in IE. You should also verify that the Downloads > File download option is enabled under Internet Options > Security > Custom Level.

What to Do Next