Encryption

Installing HyTrust KeyControl KMS on a VM

HyTrust (now Entrust) KeyControl is a Key Management Server (KMS) that manages encryption keys for virtual machines, including their rotation, sharing and access.
The reason I chose this KMS for use with vCenter is essentially the availability of a 60-day trial, which then let me try all the encryption options available within vCenter 6.7.

To start off, I downloaded the ISO and uploaded it to a datastore that my ESXi hosts can access. I created a new VM (in this case I called it HyTrust_KeyControl_Test) with the following configuration:

Encrypting a VM using a Storage Policy

In our previous posts, we configured a KMS to use with a vCenter, and configured a VM storage policy for encryption.

Here, we are going to encrypt a VM using a VM encryption storage policy.
To start, we need to log in to the vCenter vSphere Client and go to the Hosts and Clusters section.

In this example, I am going to encrypt the "RHEL7_1" VM.
To encrypt an existing VM, we have to change its storage policy from its current one to a VM Storage Policy for Encryption. The VM does need to be powered off for this operation, since we are changing the storage policy associated with the VMDKs.

The simplest way to run through this is to right-click on the VM in question > VM Policies > Edit VM Storage Policies

Creating a VM Storage Policy for Encryption

Virtual machine storage policies control which type of storage is provided for the virtual machine and how the virtual machine is placed within storage. They also determine data services that the virtual machine can use.

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.storage.doc/GUID-A8BA9141-31F1-4555-A554-4B5B04D75E54.html

In our previous posts, we installed a KMS and configured it for use with vCenter. Here, we are going to configure a new VM Storage Policy to use for encryption.

We start by heading to Menu > Policies and Profiles.
In there, we are going to select VM Storage Policies and then Create VM Storage Policy.

HyTrust KeyControl KMS Configuration on vCenter 6.x

A KMS, or Key Management Server, is a server used to store and generate encryption keys that other applications can use for the purposes of encryption.

We already ran through the process of installing HyTrust KeyControl in a VM in a previous post. So in this post, we are going to configure a HyTrust KeyControl KMS to use with vCenter 6.7.

Let's start by first logging into the HyTrust KeyControl web client. I am logged in with the default root account "SECROOT". Of course, the right way to do this would be to use a user account with the required level of permissions, but for this demonstration, the root account is fine.

Click on the KMIP section and change the "State" of the KMS from DISABLED to ENABLED, click on Apply, and then Proceed to overwrite the existing KMIP Server settings.
