KeyControl Installation from an ISO Image
Contents
- Introduction
- Installing the first KeyControl appliance
- Post Install / Reboot configuration
- Detailed Network Configuration
Introduction
This section details how to install a KeyControl appliance from an ISO image.
Installing the first KeyControl appliance
When booting off the ISO you will either see the following screen:
If the installer detects that a previous version of the software was installed, you will see the following screen and be asked whether you wish to upgrade the system or install the version on the ISO.
Choose the appropriate option and press Enter.
The HyTrust installer will scan for available disks which will then be presented to you. Select a disk on which to install the software. It is recommended that two disks are chosen for the install, to allow the HyTrust software to be mirrored between these two disks. Note that if you are installing KeyControl as a VM and the storage on the datastore is already redundant, you only need to install the software on one disk.
Use the arrow keys to select a disk and press Enter (or tab to OK) to select the first disk.
Once you have selected the first disk, you will then be prompted to choose the disk to mirror the software to:
If you do not need to mirror the install, select None and then selectOK and press Enter.
Before starting the install, you will be prompted one last time to confirm use of the disks selected and start the installation process. If you cancel at this point you will have the option of retrying the installation from the first menu, or shutting down the system.
The installation is very quick and should not take more than a minute or two. Once complete, you will see a final notice. Pressing Enter will result in the machine being rebooted to perform the final steps of the installation setup. When you press Enter, the ISO CD/DVD will be ejected and the newly installed HyTrust System will boot. You should remove the CD/DVD at this point.
If you are running as a VM please make sure that you disconnect the CD drive. For example, on vSphere, make sure that the Connect at power on button is not checked.
Post Install / Reboot configuration
Once the machine has rebooted, you will be prompted to choose the type of system that you are installing:
Select option 1 (Initial KeyControl Appliance). You will be asked for confirmation that you wish to install the initial KeyControl appliance:
You will then be prompted to change the root/password combination that enables access to the console menus.
You will be required to enter the password twice. Passwords must be a minimum of eight characters. The console menu to which the root/password combination enables access to is where diagnostics and settings can be manipulated for this system during its lifetime. Without the password, access to the system for these tasks is impossible. It is critical that the password be stored safely somewhere.
Note that this is not a general login account. Since this is a secure appliance you cannot get a shell prompt and only have access to a basic menu system that allows for hardware change, network setup and general debugging capabilities. We cover these topics later.
| NOTE - when logging in through the webGUI for the first time you will need a username/password combination of secroot/secroot. More details about logging in through the webGUI for the first time can be found in the section An overview of the webGUI. |
|---|
Next you will go through the process of setting up networking:
You will be asked whether you wish to use DHCP, configure network settings by hand or perform VLAN configuration. The network you set up on the new server will be the one used by other HyTrust servers for management communications. It will also be the network used for NAS-based Virtual Machine access on DataControl agents. However a separate 'storage network' configuration for DataControl Virtual Storage appliances can be created using the HyTrust webGUI. That can only be done after the DataControl agent is fully set up with this initial network configuration.
NOTE - even if you use DHCP you must use static IPs for all KeyControl clusters/servers and DataControl agents.
For network setup, you will first select the NIC to be used, if there are multiple NICs on the server. If there is only one interface you will proceed directly to choosing a network setup type.
The next screen will show networking settings. If DHCP was chosen in the previous screen, all of the parameters with the exception of the hostname will be displayed. If DHCP was not chosen, only the field with the NTP servers will be filled in.
A note about NTP: keeping time correct is important, particularly with respect to operation of the KeyControl cluster. We select NIST time servers by default. If you do not have access to these time servers, you need to specify a reachable NTP server.
Once networking is set up, the first KeyControl appliance is now ready to use. The final notice will display the IP address of this KeyControl appliance from which further setup and configuration can be done from within the webGUI.
| After installing the KeyControl appliance and before using the system, we highly recommend that you familiarize yourself with backing up the KeyControl server. Please refer to the chapter on KeyControl Backup and Restore for further information. |
|---|
A subsequent logon using root and the password you entered above will result in the configuration / reconfiguration menu being displayed.
Detailed Network Configuration
You will have the choice of network setup 1) using DHCP, 2) creating a custom configuration, or 3) creating a VLAN configuration.
For all setup types you will be assigning:
- Host Name
- Domain Name
- Gateway
- DNS Host
- NTP Server(s)
- IP Address
- Netmask
For NTP configuration, there is a built-in default to pooled servers through ntp.org appropriate for installations in the United States.
If you are using DHCP, the system will gather any of the seven settings that are available from the DHCP server. Any settings not provided will have to be entered on the following Network Configuration form.
Creating a custom configuration and creating a VLAN are identical in that you will be filling in the assignments for all seven items. If creating a VLAN connection, you will be prompted for the VLAN ID. You will need to have the VLAN ID that the switch will be using for the connection.