Decommissioning a KeyControl Node
Before You Begin
- Make sure the node is not part of a cluster before you decommission it. For details, see Removing a KeyControl Node from a Cluster.
- Make sure you have access to all of the key parts for the Admin key that was generated for this system. All of the parts need to be uploaded within 10 minutes of the first file upload in order for the decommission to work.
If there are multiple system administrators, each administrator has one of the key parts. You can either collect the parts and have one administrator upload them all or you can have each administrator log in and upload their part simultaneously.
For this procedure you must use the Admin Key parts that were sent to the Security Administrators. You cannot use the Admin Key stored on an external key server.
Warning: When you decommission a KeyControl node, KeyControl uses zeroization to completely erase the data on the disks where the KeyControl software and the object store are located. This is a non-reversible procedure.
Procedure
- Log in to the KeyControl Vault Management webGUI on the node you want to decommission using an account with Security Admin privileges.
- In the top right, click the Switch to Appliance Management link.
- In the top menu bar, click Settings.
- In the System Settings section, click System Decommission.
- Click Browse to upload the first part of the admin key. Navigate to the key part and click Choose. The filename of the key part replaces the text of the Browse button.
- Click Upload File.
- If there is only one admin key part, KeyControl immediately logs you out of the system and zeroes out the disks associated with the KeyControl node. If there are multiple key parts, KeyControl starts a 10-minute timer. All admin key parts must be uploaded within the 10 minutes before KeyControl will decommission the node.
- If you need to restart the process, click Reset. You will need to re-upload all key parts to complete the process.