Configuring a KMIP Server

Once you have your KeyControl cluster configured, you need to enable the included KMIP server. This server becomes the vSphere KMS (Key Management Server) when you establish a trusted connection between vSphere and KeyControl.

If you have already enabled the KMIP server in the cluster, make sure the configuration settings match the ones given below.

For details about the Entrust KMIP server implementation and how to manage KMIP server objects, or how to configure KMIP with a Hardware Security Module (HSM), see KMIP Client and Server Configuration or Hardware Security Modules with KeyControl.

Important: Make sure that all KeyControl nodes reside on devices that are not encrypted. KeyControl has its own internal encryption, and it must be available to provide the keys for the encrypted devices before the encrypted devices can be accessed.

  1. Log in to the KeyControl webGUI using an account with Security Admin privileges.
  2. In the top menu bar, click KMIP.
  3. In KeyControl v5.4 and earlier:

    Click the Settings tab and set the following configuration options:

    Option    Setting      Description
    --------  -----------  ----------------------------------------------------------
    State     ENABLED      Starts the KeyControl KMIP server.
    Protocol  Version 1.1  This value is dependent on the vSphere-supported versions.

    From KeyControl v5.5:

    Click the Settings tab and set the State to ENABLED.

  4. Click Apply and confirm your changes when prompted.

What to Do Next 

Create the KMS cluster in vSphere as described in Adding a KMS Cluster in vSphere.