Enabling vSAN Encryption
To enable vSAN encryption with a connected CipherTrust Manager cluster:
On the CipherTrust Manager UI, configure the following:
Hostname (mandatory). For more details, refer to the CipherTrust Manager documentation.
DNS servers (optional). For more details, refer to the CipherTrust Manager documentation.
NTP server (optional). For more details, refer to the Google documentation.
Cluster / members (recommended, with at least 2 nodes). For more details, refer to the CipherTrust Manager documentation.
Perform the following steps to configure CipherTrust - KMIP Tenant:
In the CipherTrust UI, create the following users:
KMIP_admin: Created by the ROOT admin, this user is dedicated to KMIP administration.
KMIP_user: Created by the ROOT admin, this user can operate inside the KMIP domain only, assigned by the KMIP admin.
Note
In this document, we have created the KMIP_admin and KMIP_user users. However, you can create users as per your convenience.
For more details on creating users, refer to the CipherTrust Manager documentation.
(This is an optional step.) Create a domain and assign KMIP_admin under the Admins option.
For more details on creating a domain, refer to the CipherTrust Manager documentation.
Log on to the KMIP domain as the KMIP admin, using the format <your domain>||<your user>. In this example: KMIP_domain||KMIP_admin.
Go to Keys & Access Management > CA.
You can view the Local Certificate Authority created with the KMIP domain.
Download the Local Certificate Authority using the contextual menu.
This domain certificate will be uploaded later, so that the KMIP interface can recognize it.
Go to Users > Assign User and assign the KMIP user to the KMIP domain.
Select the user and assign the Key Users group to it.
Repeat this step and assign the Audit group to the user, so that the user can check the records in the CipherTrust Manager.
Finally, log out from the CipherTrust platform. Now, you are ready to prepare the VMware client KMIP connection. For more details, refer to Enabling VMware KMIP Connection.