Initializing the KeyControl webGUI

The first time you log into the webGUI for a KeyControl node, you need to do some basic initialization. After this process is complete, you can log directly into the webGUI without going through these steps.

1. Use a web browser to navigate to https://node-ip-address, where node-ip-address is the Management IP address you specified during installation. For security reasons, you must explicitly specify https:// in the URL.

   Tip: If you do not know the Management IP address for the node, log into the system on which the node is installed as htadmin. KeyControl displays the Entrust KeyControl System Console. From the menu, select Manage Network Settings > Show Current Network Configuration.

2. If prompted, add a security exception for the KeyControl IP address and proceed to the KeyControl webGUI.

   KeyControl uses its own Root Certificate Authority to create its security certificate, which means that certificate will not be recognized by the browser. For details, see KeyControl Certificates.

3. On the HyTrust KeyControl Login page, enter secroot for both the username and password.
4. Review the EULA (end user license agreement). When you are done, click I Agree to accept the license terms.
5. On the Welcome to KeyControl screen, click Continue as a Standalone Node.

6. On the Change Password page, enter a new password for the secroot account and click Update Password.

7. On the Configure E-Mail and Mail Server Settings page, specify your email settings.

   If you specify an email address, KeyControl sends an email with the Admin Key for the new node. It also sends system alerts to this email address.

   To disable alerts, select the Disable e-mail notifications checkbox. You can then download the Admin Key from the Settings tab in the webGUI.

8. When you are done, click Continue.

9. On the Download Admin Key page, click the Download button to save the admin key locally. Please keep the admin key in a safe place for later use. When KeyControl prompts for an admin key to recover your KeyControl system, you must provide this admin key to proceed. If you do not have your admin key, you may lose your data.

   Note: Whenever the admin key is regenerated, KeyControl forces you to download the admin key.

10. On the Automatic Vitals Reporting page, specify whether you want to enable or disable Automatic Vitals Reporting.

    Automatic Vitals Reporting lets you automatically share information about the health of your KeyControl cluster with Entrust Support. If you enable this service, KeyControl periodically sends an encrypted bundle containing system status and diagnostic information to a secure Entrust server. Entrust Support may proactively contact you if the Vitals Service identifies issues with the health of your cluster.

    KeyControl Security Admins can enable or disable this service at any time by selecting Settings > Vitals in the KeyControl webGUI. For details, see Configuring Automatic Vitals Reporting.

    Note: You cannot disable Automatic Vitals Reporting during the trial license period.

11. When you are finished, click Continue.

    KeyControl displays the KeyControl webGUI. For details about the tasks you can perform from the webGUI, see the Administration Guide.

12. If you are using IE, import the certificate and add the KeyControl IP address to the trusted sites list in IE. You should also verify that the Downloads > File download option is enabled under Internet Options > Security > Custom Level.

What to Do Next 

• To add additional KeyControl nodes to form a cluster:

  • For OVA, see KeyControl OVA Installation followed by Adding a New KeyControl Node to an Existing Cluster (OVA Install).
  • For ISO, see Installing a New KeyControl Cluster Node from an ISO Image.
• To create a dedicated webGUI account with Cloud Admin privileges that you can use to install the Entrust DataControl Policy Agent, see Creating a Cloud Admin User Account.
• To create at least one Cloud VM Set into which you can put the VMs you plan to encrypt, see Creating a Cloud VM Set.