Enabling Linux Online Encryption with the webGUI

To enable Online Encryption for Linux disks, you need to install the HTCrypt Driver on the VM hosting those disks. During this process, the VM may need to be rebooted if the Linux kernel on the VM needs to be updated in order to install the required packages. The webGUI allows you to specify whether you want this reboot to happen automatically if it is required.

You only need to perform this procedure once for each Linux VM. After the HTCrypt Driver has been installed, the Policy Agent will automatically use it every time it encrypts, decrypts, or rekeys a disk on that VM.

Note: You cannot use Online Encryption if there is an Access Control Policy associated with the VM. If you enable the HTCrypt Driver and apply an Access Control Policy to the disk, online encryption will fail.

The following procedure describes how to install the HTCrypt Driver for the first time using the webGUI. You can also install the driver using the CLI  as described in Enabling Linux Online Encryption with the CLI. If your Linux kernel version has changed, see Updating the HTCrypt Kernel Dependencies.

Before You Begin 

Make sure the VM meets the requirements described in Linux Encryption Prerequisites and Linux Online Encryption Prerequisites and Considerations.

Procedure 

  1. Log into the KeyControl webGUI using an account with Cloud Admin privileges.
  2. In the top menu bar, click Cloud.
  3. Navigate to the VMs tab, select the VM on which you want to install the HTCrypt Driver, then click the Expand button (>) at the end of the row to view the VM details.
  4. In the Details tab, click Install Now in the HTCrypt State field.

  5. If you want KeyControl to reboot the VM automatically to complete the driver installation, check the Reboot VM check box in the confirmation dialog box.

    If you do not check the Reboot VM check box, the driver will be installed on the VM but it will not be active on any disk that is currently attached. After the installation finishes, you need to either reboot the VM manually or detach and then reattach any currently attached disks so that the Policy Agent can use the HTCrypt Driver for online encryption on those disks.

  6. Click Install Driver.

    The HTCrypt State field shows that the HTCrypt Driver is scheduled for installation. When the installation is finished, KeyControl raises an alert and changes the HTCrypt State to "Installed".

    Note: The installation could take a few minutes to complete depending on how long it takes to install the dependencies. When the installation is finished, the HTCrypt State field will display "Installed" and the HTCrypt Version field will display the correct driver version number. You can monitor the progress of the installation task on the Dashboard in the Tasks tile.

  7. If the HTCrypt Version field indicates that the VM needs to be rebooted, either reboot the VM or detach and reattach all currently attached disks to finish the installation process.

What to Do Next 

If your system is setup with UEFI boot, see Configuring UEFI Secure Boot in RHEL (CentOS).