Installing KeyControl from an OVA Template

Before You Begin 

Make sure that:

  • You know the IP address and any required network connection information, such as the domain name and the DNS and gateway IP addresses, for the machine on which you are installing KeyControl.

    Note: You must use an IPv4 address. KeyControl does not support IPv6 addresses.

  • You have the required permissions to install software on the target system.
  • The target system meets the basic system requirements described in System Requirements.
  • If you are using VMware, all of your KeyControl deployments have VM-to-Host affinity enabled. This allows you to avoid Admin Key Recovery due to host migration. We recommend that you select 'Should run on hosts in group' for the rule specification. The group should contain only the one ESXi host that you are using for this KeyControl Vault VM.

Important: Make sure that all KeyControl nodes reside on devices that are not encrypted. KeyControl has its own internal encryption, and it must be available to provide the keys for the encrypted devices before the encrypted devices can be accessed.

Procedure 

  1. Log in to your vSphere Web Client.

    Note: The following procedure uses the vSphere Web Client version 6.5. If you are using a different version of the Web Client, the procedure may vary slightly.

  2. Navigate to Hosts and Clusters.
  3. Select Actions > Deploy OVF Template.

    Note: In this context, OVF and OVA are synonymous.

  4. On the Select template page of the Deploy OVF Template wizard, browse to the location of your OVA file.
  5. Select the file and click Next.
  6. Specify the appropriate installation information in the remaining pages of the Deploy OVF Template wizard. Required fields are shown in red.

    On the Select configuration page, the configuration options use the following resources:

    Resource    Standard Installation    Large Installation
    CPUs        2                        4
    RAM         8 GB                     16 GB
    Disk        65 GB                    150 GB

    Entrust recommends that you select a large installation if your system meets one or more of the following criteria:

    • More than four nodes in the KeyControl cluster.
    • More than 500 virtual machine heartbeats OR more than 10,000 KMIP keys across all KMIP vaults together.
    • More than 100,000 secrets stored.

    Note: The OVA deployment method creates the disk as 60 GB, even for large configurations. After KeyControl is configured, please follow the vSphere instructions on increasing the disk size and increase it to 140 GB. This will require a reboot of KeyControl. You must increase the size for each node. For details, see Increasing KeyControl Storage in a VM.

    On the Customize template page:

    • If you want to specify multiple DNS servers, enter their IP addresses as a comma-separated or space-separated list.
    • Specify a static IPv4 address in the Host IP address field. If you have an internal IP address that differs from your external IP address due to your firewall configuration, use the internal IP address. You cannot change the IP address for the node after it has been deployed.

      Note: You must use an IPv4 address. KeyControl does not support IPv6 addresses.

    • Do not use spaces or special characters in the Hostname and Domain Name fields. Only use alphanumeric characters or hyphens (-). You cannot change the hostname after the node has been deployed.

      Note: Any uppercase letters in the hostname will be translated to lowercase after the node has been deployed.

    For information about the other fields in this wizard, see your vSphere Web Client documentation.

  7. After you have finished entering the deployment information, click Next and review your choices on the Ready to complete page.

  8. Click Finish to deploy the KeyControl node.
  9. Wait until you receive a message that the installation is complete.

    You can view the installation progress in the Recent Tasks tab in the vSphere Web Client.

  10. If you selected the large installation configuration earlier in this procedure, you need to manually change the disk size allotted to the VM from the standard 65 GB to 150 GB. The OVA template sets the appropriate number of CPUs and the memory allocation but it cannot automatically change the standard disk size.
  11. Power on the KeyControl VM.
  12. Configure the node as needed. For details, see one of the following:
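
Added example (not part of the Entrust documentation): because the Host IP address and hostname entered on the Customize template page in step 6 cannot be changed after deployment, the values can be checked against the stated rules before they are typed into the wizard. The function names and sample values are constructed for illustration; treating dots as separators in the Domain Name field and requiring IPv4 for DNS servers are assumptions.

```python
import ipaddress
import re

# Allowed characters for the Hostname and Domain Name fields: alphanumerics or hyphens.
_LABEL = re.compile(r"[A-Za-z0-9-]+")

def split_dns(value):
    """Split the DNS field, which accepts a comma-separated or space-separated list."""
    return [part for part in re.split(r"[,\s]+", value.strip()) if part]

def is_ipv4(value):
    """True only for a well-formed IPv4 address (IPv6 is rejected)."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def check_template(host_ip, hostname, domain, dns):
    """Return (problems, hostname_after_deploy) for the Customize template values."""
    problems = []
    if not is_ipv4(host_ip):
        problems.append(f"Host IP address {host_ip!r} is not a static IPv4 address")
    if not _LABEL.fullmatch(hostname):
        problems.append(f"Hostname {hostname!r} has spaces or special characters")
    # Assumption: dots separate the labels of the domain name and are not
    # themselves counted as special characters.
    if not all(_LABEL.fullmatch(label) for label in domain.split(".")):
        problems.append(f"Domain Name {domain!r} has spaces or special characters")
    # Assumption: the IPv4-only rule is applied to DNS server addresses as well.
    for server in split_dns(dns):
        if not is_ipv4(server):
            problems.append(f"DNS server {server!r} is not an IPv4 address")
    # Uppercase letters in the hostname are translated to lowercase after deployment.
    return problems, hostname.lower()

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, example.com).
    issues, final_name = check_template(
        "192.0.2.10", "KC-Node1", "example.com", "192.0.2.53, 192.0.2.54"
    )
    print("hostname after deployment:", final_name)
    print("problems:", issues or "none")
```

An empty problem list means the values satisfy the constraints listed in step 6; it does not check reachability or whether the address is already in use.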