KeyControl Installation from an ISO Image

Introduction

This section details how to install a KeyControl node from an ISO image.

Installing the first KeyControl Node

When you boot from the ISO and are installing for the first time on this system, you will see the following screen:

 

Install New Disks

If the installer detects that a previous version of the software was installed, you will see the following screen and be asked whether you wish to upgrade the system or install the version on the ISO.

 

Install Overwrite

Choose the appropriate option and press Enter.

The HyTrust installer will scan for available disks which will then be presented to you. Select a disk on which to install the software. It is recommended that two disks are chosen for the install, to allow the HyTrust software to be mirrored between these two disks. Note that if you are installing KeyControl as a VM and the storage on the datastore is already redundant, you only need to install the software on one disk.

Use the arrow keys to select a disk and press Enter (or tab to OK) to select the first disk.

 

Install Choose Disks

Once you have selected the first disk, you will then be prompted to choose the disk to mirror the software to:

 

Install Second Disk

If you do not need to mirror the install, select None and then select OK and press Enter.

Before starting the install, you will be prompted one last time to confirm use of the disks selected and start the installation process. If you cancel at this point you will have the option of retrying the installation from the first menu, or shutting down the system.

 

Install Final Confirmation

The installation is very quick and should not take more than a minute or two. Pressing Enter will result in the machine being rebooted to perform the final steps of the installation setup. When you press Enter, the ISO CD/DVD will be ejected and the newly installed KeyControl node will boot. You should remove the CD/DVD at this point.

 

Install Reboot

If you are running as a VM please make sure that you disconnect the CD drive. For example, on vSphere, make sure that the Connect at power on button is not checked.

 

CD Eject

Post Install / Reboot configuration

Once the machine has rebooted, you will be prompted to choose the type of system that you are installing:

Install System Choice

Select option 1 (Initial KeyControl Appliance). You will be asked for confirmation that you wish to install the initial KeyControl node:

Install KeyControl Confirm

You will then be prompted to change the root/password combination that enables access to the console menus.

Install Change Password1

You will be required to enter the password twice. Passwords must be a minimum of eight characters. The console menu that this root/password combination unlocks is where diagnostics and settings for this system are managed during its lifetime. Without the password, access to the system for these tasks is impossible, so it is critical that the password be stored safely somewhere.

Note that this is not a general login account. Since this is a secure node you cannot get a shell prompt and only have access to a basic menu system that allows for hardware change, network setup and general debugging capabilities. We cover these topics later.

NOTE - when logging in through the webGUI for the first time you will need a username/password combination of secroot/secroot. More details about logging in through the webGUI for the first time can be found in this section: An overview of the webGUI.

Next you will go through the process of setting up networking:

Install Nw Setup 1

You will be asked whether you wish to use DHCP, configure network settings by hand or perform VLAN configuration. The network you set up on the new server will be the one used by other HyTrust KeyControl nodes for management communications. It will also be the network used for communications between the KeyControl nodes and the VMs where the DataControl Policy Agent is running.

NOTE - even if you use DHCP you must use static IPs for all KeyControl nodes.

For network setup, you will first select the NIC to be used, if there are multiple NICs on the server. If there is only one interface you will proceed directly to choosing a network setup type.

The next screen will show networking settings. If DHCP was chosen in the previous screen, many of the parameters will be filled in. See Detailed Network Configuration for details.

Install Nw Details

A note about NTP: keeping time correct is important, particularly with respect to operation of the KeyControl cluster. We select NIST time servers by default. If you do not have access to these time servers, you need to specify a reachable NTP server.

Once networking is set up, the first KeyControl node is ready to use. The final notice displays the IP address of this KeyControl node; further setup and configuration are done at that address through the webGUI.

Install Ready To Use

After installing the KeyControl node and before using the system, we highly recommend that you familiarize yourself with backing up the KeyControl node. Please refer to the chapter on KeyControl Backup and Restore for further information.

A subsequent login using root and the password you entered above will result in the configuration / reconfiguration menu being displayed.

Detailed Network Configuration

You will have the choice of three types of network setup: 1) using DHCP, 2) creating a custom configuration, or 3) creating a VLAN configuration.

For all setup types you will be assigning:

  • Host Name
  • Domain Name
  • Gateway
  • DNS Host
  • NTP Server(s)
  • IP Address
  • Netmask

For NTP configuration, there is a built-in default to pooled servers through ntp.org appropriate for installations in the United States.

If you are using DHCP, the system will gather any of the seven settings that are available from the DHCP server. Any settings not provided will have to be entered on the following Network Configuration form.

Install Full Nw Config

Creating a custom configuration and creating a VLAN are identical in that you will be filling in the assignments for all seven items. If creating a VLAN connection, you will be prompted for the VLAN ID. You will need to have the VLAN ID that the switch will be using for the connection.
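
A pre-install check of the planned values, as an added example that is not HyTrust code: it validates the seven settings listed above, plus the VLAN ID for a VLAN setup, before they are typed into the Network Configuration form. The key names, the sample values, the treatment of DNS Host as an IP address, and the 1 to 4094 VLAN ID range (the standard 802.1Q range, not stated on this page) are assumptions.

```python
import ipaddress
import re

# The seven settings the page lists for every setup type (key names are assumptions).
REQUIRED = ("host_name", "domain_name", "gateway", "dns_host",
            "ntp_servers", "ip_address", "netmask")
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # RFC 1123 host label


def check_plan(plan, setup_type="custom"):
    """Return a list of problems found in a planned node network configuration."""
    problems = [f"missing: {k}" for k in REQUIRED if not plan.get(k)]
    if problems:
        return problems
    if not LABEL.match(plan["host_name"]):
        problems.append("host_name is not a valid host label")
    if not all(LABEL.match(p) for p in plan["domain_name"].split(".")):
        problems.append("domain_name is not a valid DNS name")
    try:
        # ip_interface accepts dotted netmasks and rejects non-contiguous ones.
        iface = ipaddress.ip_interface(f"{plan['ip_address']}/{plan['netmask']}")
        gateway = ipaddress.ip_address(plan["gateway"])
        ipaddress.ip_address(plan["dns_host"])  # assumption: DNS Host is an IP
    except ValueError as exc:
        return problems + [f"bad address: {exc}"]
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append("ip_address is the network or broadcast address")
    if gateway not in net:
        problems.append("gateway is outside the node's subnet")
    if gateway == iface.ip:
        problems.append("gateway equals the node's own address")
    if setup_type == "vlan":
        vlan_id = plan.get("vlan_id")
        if not isinstance(vlan_id, int) or not 1 <= vlan_id <= 4094:
            problems.append("vlan_id must be an integer from 1 to 4094")
    return problems


# Constructed sample plan (documentation-range addresses, hypothetical names).
SAMPLE = {"host_name": "kc-node1", "domain_name": "example.internal",
          "gateway": "192.0.2.1", "dns_host": "192.0.2.53",
          "ntp_servers": ["ntp.example.internal"],
          "ip_address": "192.0.2.10", "netmask": "255.255.255.0", "vlan_id": 120}

if __name__ == "__main__":
    for line in check_plan(SAMPLE, "vlan") or ["plan looks consistent"]:
        print(line)
```

The check only confirms that the values are internally consistent; whether the NTP server is reachable and the VLAN ID matches the switch still has to be confirmed on the network itself.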