Linking KeyControl with CloudControl

If you want to use the BoundaryControl feature for VMs in a Cloud VM Set or you want to link KMIP-client VMs to the KMIP objects they create in the KeyControl KMIP server, you need to link KeyControl to one or more CloudControl servers. CloudControl can then be used to configure rules and policies for the VMs in the associated Cloud VM Set while the Inventory feature tracks which client VMs go with which KMIP objects.

Each Cloud VM Set in KeyControl can be linked to a specific CloudControl server, allowing you to select the best CloudControl server for the VMs in each Cloud VM Set.

Before You Begin 

Procedure 

  1. If you are using CloudControl version 5.1 or later, log into CloudControl using an account with AppLink Management privileges and do the following:

    1. Select Configuration > App Links.
    2. On the One Time Code tab, in the Select Role for App Link drop-down, select ASC_AppLinkAdmin.
    3. When you are ready to transfer the code to KeyControl, click Submit.
    4. Copy the one-time code displayed in the Code field.
  2. Log into the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.

  3. In the top menu bar click Settings.
  4. In the System Settings section, click HTCC App Link.
  5. On the HTCC App Link page, select Actions > Link and enter the following information.

    Field: Description

    Host: The hostname or IP address and port number for the CloudControl server, in the form hostname:port-number or IP-address:port-number. When connecting to the server, KeyControl automatically prepends HTTPS:// to this field.

    Protocol: The protocol should match the version of CloudControl that you are using. The default is HTCC 5.1.

    SSL Verify: If Yes, the certificate for the CloudControl server is verified every time contact between KeyControl and CloudControl is established. If the KeyControl certificate changes, the connection will fail. If No, the CloudControl server certificate is only checked when the initial connection is established. The default is Yes.

    One Time Code: If Protocol is set to HTCC 5.1 or higher, enter the App Link code generated in CloudControl.

    Username, Password: If Protocol is set to HTCC 5.0 or HTCC 4.6, enter the username and password for a CloudControl user account with the ASC_BCAdmin user role.

  6. When you are finished, click Create.
  7. If the connection information is correct, KeyControl displays the CloudControl certificate. Verify that the certificate is correct and that it is linked to the expected server. If it is correct, click Yes.
  8. If desired, repeat this procedure to add a link to another KeyControl server.
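
For the certificate check in step 7, one way to confirm the certificate independently is to read what the CloudControl server presents and compare its SHA-256 fingerprint with one obtained out of band. This is an added example, not part of the product or its documentation. It assumes the Host value uses the host:port form described above and that the CloudControl administrator can supply a fingerprint; all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def parse_host_field(value):
    """Split a Host field value ("hostname:port" or "IP:port") into (host, port)."""
    value = value.strip()
    if "://" in value:
        # KeyControl prepends HTTPS:// itself, so a scheme here is an input error.
        raise ValueError("enter host:port only, without a scheme")
    host, sep, port = value.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("expected hostname-or-IP:port-number")
    return host, int(port)


def sha256_fingerprint(der_bytes):
    """Colon-separated uppercase SHA-256 fingerprint of a DER certificate."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprints_match(expected, der_bytes):
    """Compare a fingerprint obtained out of band with the presented certificate."""
    def norm(text):
        return text.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(norm(expected), norm(sha256_fingerprint(der_bytes)))


def fetch_server_cert_der(host, port, timeout=5.0):
    """Return the DER certificate the server presents; no request is sent."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: the certificate is read for comparison only.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Arguments: host:port [expected-fingerprint]
    host, port = parse_host_field(sys.argv[1])
    der = fetch_server_cert_der(host, port)
    print("SHA-256 fingerprint:", sha256_fingerprint(der))
    if len(sys.argv) > 2:
        print("matches expected:", fingerprints_match(sys.argv[2], der))
```

Run it from a management workstation that reaches the CloudControl server on the same network path as KeyControl, and click Yes in step 7 only if the result matches the fingerprint you were given.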

What to Do Next 

To enable the BoundaryControl feature on a VM, you must first create a Cloud VM Set with BoundaryControl enabled and then add the VM to that set. For details, see Creating a Cloud VM Set. For information about the KeyControl KMIP server, see KMIP Client and Server Configuration.