Google Cloud Deployment
You can deploy a CipherTrust Manager instance in Google Cloud.
Minimum Requirements
To deploy a CipherTrust Manager instance, the following minimum requirements apply:
System volume: 100 GB
Memory: 16 GB
vCPUs: 2
NICs: 1
Note
These minimum system requirements are for a system with light to moderate load. For applications that heavily load the system, additional memory and CPU allocation are required. The system volume holds all data as well as backups.
Deploying in Google Cloud
This section provides the steps for deploying a Virtual CipherTrust Manager instance from the Google Cloud Marketplace. Refer to the Google Cloud Platform documentation for general information on launching a VM in Google Cloud.
Note
We recommend first launching the Virtual CipherTrust Manager instance, and then providing the SSH key for the ksadmin
user using the CipherTrust Manager web UI, as presented in the steps below. If you wish to instead use Google Cloud tools to provide the SSH key, you must provide the username ubuntu
.
Prerequisite
If you wish to set a static IP for your Virtual CipherTrust Manager instance, you must reserve a static external IP address for your project before launching the VM. Consult Google documentation to do so.
To launch a CipherTrust Manager instance
Using your gmail address, sign in to the Google Cloud Platform.
In the Google Cloud Platform top banner, select a project or create a new one.
To create a New Project:
Select New Project.
Enter a Project Name and Project ID.
Enter a Location if you already have a parent organization you want to use.
Select Create.
The project's DASHBOARD appears.
Navigate to the Google Cloud Marketplace and search for "CipherTrust Manager" images.
On the results, select CipherTrust Manager Community Edition.
Select Launch.
To create a CipherTrust Manager instance, review and modify these fields as needed:
Enter a Deployment name for the instance.
Select the Zone closest to your location.
Review that the Machine type is e2-standard-4 (4vCPU, 16 GB memory), which is optimized for Virtual CipherTrust Manager. If you want to change the Machine type, make sure the selection is in keeping with the minimum requirements.
Review Boot disk type and Boot disk size in GB. The default of Standard Persistent Disk and 100 fulfill the minimum requirements of the image.
If desired, in the Network interface section External IP drop down, you can select any static IP which is reserved for your project. Consult Google documentation on reserving a static IP address for a project.
Note
After launching the VM, you can confirm the static IP was applied using the nmcli tool in an SSH session.
In the Firewall section, ensure that checkboxes for Allow HTTP traffic and Allow HTTPS traffic are enabled.
Enable the checkbox to accept the GCP Marketplace Terms of Service and Thales - European Union - Frankfurt Terms of Service.
Select Deploy to launch the instance.
Your new virtual CipherTrust Manager is created and appears in Deployment Manager.
Click on the Site address for the newly created vCM.
A new browser tab opens to this address and the CipherTrust Manager web page appears.
You are prompted to enter an SSH key to authenticate the
ksadmin
user in an SSH session.Note
We support OpenSSH for the public key format. The corresponding private key can be OpenSSH, PKCS1, or PKCS8 format. You can generate this key pair using 'PuTTYgen' or similar utility. Save this SSH Public Key at a safe location. You will need this key for future SSH access.
After replacing the default SSH Public Key, the Log In screen appears. For more options to replace the default SSH Public Key, see Starting Services After Deployment.
Log in using the initial default credentials for the root administrator: Username = admin, Password = admin
The following notice is displayed:
Note
If the default credentials do not work, you may need to retrieve an autogenerated password, as described in Changing the Initial Password.
Enter a new password using this default Password Policy:
Min length: 8 Max length: 30 Min number of upper cases: 1 Min number of lower cases: 1 Min number of digits: 1 Min number of other characters: 1
A new Login screen appears.
Using your new password, log in again. The CipherTrust Manager Web Page appears.
At this point, it's strongly recommended to configure an NTP server.
Navigate to Admin Settings > NTP.
Enter in an NTP Server hostname.
For an authenticated NTP Server, enter in a symmetric key value in the NTP Key field.
Click the +Add NTP Server button.
See Network Time Protocol Server Configuration for more details.
Congratulations! You have successfully deployed a CipherTrust Manager instance.
Note
Virtual CipherTrust Manager launches in Community Edition, with some restrictions on functionality. You can activate a 90 day trial evaluation for full functionality. To activate your instance with a trial evaluation, or a term or perpetual license, see Licensing.
SSH Access to the New Instance
If using a Windows client, use PuTTY or similar utility to SSH to your CipherTrust Manager instance as KeySecure Administrator (ksadmin). If needed, use PuTTYgen or similar utility to format the SSH Key Pair.
If using a Linux client use SSH to login as KeySecure Administrator (ksadmin).