Installing HyTrust KeyControl KMS on a VM

Laraib Kazi

HyTrust (now Entrust) KeyControl is a Key Management Server (KMS) that essentially manages encryption keys for virtual machines, including their rotation, sharing, access etc.
The reason I chose this KMS for use with vCenter is essentially due to the availability of a 60 day trial, which then let me try all the encryption options available within vCenter 6.7

To start off, I downloaded the ISO and uploaded it to a datastore that my ESXi hosts can access. I created a new VM, in this case I called it HyTrust_KeyControl_Test, with the following configuration:

CPU: 2
Hard Disk: 60GB - 1 VMDK
Guest OS: CentOS 7
NIC: 1x VMXNET3 Adapter
CDROM: ISO Mounted from the Datastore

Powering on the VM and accessing the Web Console for the installation:

I started off with specifying a password:

Since this is the first node, or rather only node, I selected option 1 to Install Initial KeyControl Node.
Option 2 is for when we already have a KeyControl node installed, and if we wan to add additional nodes to create a KMS Cluster.

I am not using DHCP for this VM, so selecting No on this screen, and specifying the network configuration for this node.

On this final screen we can validate the basic configuration and then proceed through the setup process.

On the install is complete, we can then access the Web Console using the management IP - this will be the IP specified in the network configuration.
Note that we cannot login to the management web page using the htadmin account we created the password for during the install process - that account is for SSH console logins only. Here we need to login with the default credentials:

username: secroot
password: secroot

Following that, we are immediately prompted to change the password for the secroot account.

And thats pretty much it - We now have HyTrust KeyControl KMS Installed.
The next step for me is to configure this KMS for use with my vCenter 6.7 to be able to encrypt VMs/Datastores. You can continue reading about it here.