In the Part-1 we configured HyTrust KeyControl Cluster , now lets configure this cluster in vCenter and configure encryption for Virtual Machines..
Lets create a user to be utilize with vCenter – click on the Users tab to create a new user. Click on the Actions drop down button and select, Create User.
Create a user called the same name as the VMware VCSA name for ease of use.
NOTE – Do NOT specify a password, else trust will fail.
Highlight the newly created user, click the Actions dropdown button, then click the Download Certificate option. This will download the certificate created for that user. A zip file containing the Certificate of Authority (CA) will be downloaded.
Once you have downloaded Certificate , Log in to the VCSA, highlight the vCenter on the left hand pane, click on the configure tab on the right hand pane, click on Key Management Servers, then click the Add KMS button.
Enter a Cluster name, Server Alias, Fully Qualified Domain Name (FQDN)/IP of the server, and the port number. Leave the other fields as the default, then click OK.
Click on Yes to set the KMS cluster “Hytrust” as the default.
Click on Trust to trust the Certificate from HyTrust KeyControl.
Now we have to establish the trust relationship between vCenter and HyTrust KeyControl. Highlight the KeyControl appliance, click on All Actions, then click on Establish trust with KMS.
Select the Upload certificate and private key option, then click OK.
Click on Upload file button
Browse to where the CA file was previously generated, select the “vcenter”.pem file, then click Open.
Repeat the process for the private key by clicking on the second Upload file button and Verify that both fields are populated with the same file, then click OK.
You will now see that the Connection status is shown as Normal indicating that trust has been established.Hytrust KeyControl is now set up as the Key Management Sever (KMS) for vCenter.
Now we successfully add one Node of cluster , add another node by following the same steps..
Let’s You can now begin to encrypting virtual machines with vSphere 6.5 which i will be covering in the next post. Happy Learning 🙂