HyTrust KeyControl enables encryption users to manage their encryption keys at scale. HyTrust is the only KMS vendor that VMware has invested in. It is available as an OVA for fast installation and configuration in VMware vCenter. In this post I show you how to install and configure this KMS service in a vSphere environment.

Step 1 – Deploying the OVA Package

Browse to the location where the OVA file is located.

Type the name for the new VM.

Select where to run the new VM.

Review the hardware requirements.

Accept the license agreement.

Select the VM configuration. In my case, because this is a lab setup, the demo configuration is selected.

Select the storage and network where the new VM will run.

Specify the VM network parameters.

Step 2 – Configuring the newly deployed KMS appliance

Power on the newly deployed VM server. It will ask you to specify a password for the htadmin account. Enter a new password for htadmin and press OK.

Wait for the configuration process to complete.

Go to the KMS management console by accessing https://kms-ip-address, then provide the default credentials.

Complete the configuration wizard by selecting the instance type and specifying a new password.

Optional - Configure email notifications.

Download and save the Admin Key to a secure location.

Note: This key is primarily used for recovery purposes.

Step 3 – Enabling the KMIP Service

The Key Management Interoperability Protocol (KMIP) enables communication between key management systems and cryptographically enabled applications, including email, databases, and storage devices. Select KMIP in the top banner bar. Set State to Enabled. Then open Protocol and select Version 1.1 from the drop-down list. As a final step, set Restrict TLS to Enabled to ensure that KMIP traffic uses TLS 1.2 only. Click Apply to save the new settings.
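
As an added check that is not part of the original post, the script below uses openssl s_client to confirm that, once Restrict TLS is enabled, the KMIP listener completes a handshake for TLS 1.2 only and refuses TLS 1.0 and 1.1. It assumes KMIP listens on TCP 5696 (the IANA-registered KMIP port, not stated above) and that openssl is installed where the script runs.

```shell
#!/usr/bin/env bash
# Post-configuration check for Step 3: with "Restrict TLS" enabled, the KeyControl
# KMIP listener should negotiate TLS 1.2 only. Assumptions (not from the original
# post): KMIP listens on TCP 5696 (IANA default) and openssl(1) is installed.

# Classify the transcript of one 'openssl s_client' attempt.
# Prints: accepted    - a session was negotiated ("New, TLSv1.x, Cipher is ...")
#         rejected    - the server refused the handshake ("Cipher is (NONE)")
#         unsupported - this openssl build does not know the requested protocol flag
classify_handshake() {
  local out="$1"
  if printf '%s\n' "$out" | grep -Eiq 'unknown option'; then
    echo unsupported
  elif printf '%s\n' "$out" | grep -Eq '^New, TLSv[0-9.]+, Cipher is [A-Za-z0-9_-]+'; then
    echo accepted
  else
    echo rejected
  fi
}

# One handshake with a single protocol version forced ($3 is -tls1, -tls1_1 or -tls1_2).
probe_version() {
  local out
  out=$(openssl s_client -connect "$1:$2" "$3" </dev/null 2>&1)
  classify_handshake "$out"
}

# Expected outcome after "Restrict TLS": TLS 1.0 and 1.1 rejected, TLS 1.2 accepted.
# Returns 0 when the three results match that expectation, 1 otherwise.
restrict_tls_ok() {
  [ "$1" = rejected ] && [ "$2" = rejected ] && [ "$3" = accepted ]
}

# Print one line per protocol version and an overall verdict.
kmip_tls_report() {
  local host="$1" port="$2" r10 r11 r12
  r10=$(probe_version "$host" "$port" -tls1)
  r11=$(probe_version "$host" "$port" -tls1_1)
  r12=$(probe_version "$host" "$port" -tls1_2)
  printf 'TLS 1.0: %s\nTLS 1.1: %s\nTLS 1.2: %s\n' "$r10" "$r11" "$r12"
  if restrict_tls_ok "$r10" "$r11" "$r12"; then
    echo "Restrict TLS verified: only TLS 1.2 is accepted on $host:$port"
  else
    echo "WARNING: unexpected result; re-check the Restrict TLS setting on $host:$port"
    return 1
  fi
}

# Usage: ./check_kmip_tls.sh <kms-ip-address> [port]   (no arguments: only define functions)
if [ $# -ge 1 ]; then kmip_tls_report "$1" "${2:-5696}"; fi
```

An "unsupported" result means your local openssl was built without that protocol, so the script reports the check as inconclusive rather than passing it.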

Summary

We have now added and configured the KMS server, which gives us additional security options for our infrastructure and cryptographically enabled applications.