Dell EMC CloudLink

Version 6.0, 6.5, 6.6, 6.7, 6.8, and 6.9
Key Management for VMware vCenter Server Configuration Guide
H15988.6 September 2019
This Configuration Guide contains procedures to create a trusted connection between CloudLink and a vCenter Server using Key Management Interoperability Protocol. Topics include:
- Introduction
- Adding a KMIP partition
- Adding a KMIP client
- Configuring the Key Management Server
- Uploading the KMS certificate
- Establishing a trusted connection in vSphere 6.5
- Establishing a trusted connection in vSphere 6.7
- Troubleshooting and getting help

Introduction
CloudLink® versions 6.0, 6.5, 6.6, 6.7, 6.8, and 6.9 support the Key Management Interoperability Protocol (KMIP) to allow applications supporting that protocol to securely store keys and certificates. The applications, or KMIP clients, are given access to a single KMIP partition. A KMIP partition is a container for keys and certificates created by the client. All objects within a partition are encrypted using a key saved to the partition's keystore and are stored in the CloudLink Center database. The KMIP Server menu is only available in the CloudLink Center Contents pane after a KMIP license is uploaded. Use the following procedures to create a trusted connection between CloudLink Center and a vCenter Server by adding a KMIP partition and client.
Note: CloudLink 6.0, 6.5, 6.6, 6.7, 6.8, and 6.9 support KMIP 1.1 through 1.3.
Adding a KMIP partition
Add a KMIP partition.
Procedure
1. Log in to CloudLink Center as an administrator with permission to configure KMIP partitions and clients.
2. Ensure that you have a valid KMIP license.
   a. Select System > License in the Contents pane.
   b. Confirm that there is a valid KMIP license assigned.
You must add a new KMIP partition to store keys and certificates separately from other KMIP clients. Adding a KMIP partition involves defining its name, keystore, managing role, and providing an optional description.
3. Select KMIP Server > Partitions in the Contents pane.
4. Select Add in the command bar and provide the following values:
   Partition Name: A name for the KMIP partition
   Description (optional): A brief description of the partition
   Keystore: The keystore used to store the encryption key that encrypts the KMIP objects
   Key Caching: You can choose to cache or not cache the KMIP partition protection key. Key caching stores the protection key locally in CloudLink Center.
   Managed By: The names of the roles that administer this KMIP partition
Adding a KMIP client
Add a KMIP client to allow vCenter Server to connect to and authenticate the connection with CloudLink Center.
Procedure
1. Select KMIP Server > Clients in the Contents pane.
2. Select Add in the command bar and provide the following values:
   Username: Username for client authentication from the KMIP client.
   Partition: The KMIP partition created in Adding a KMIP partition.
   Credential Type: A username and password.
   Password: Password for client authentication from the KMIP client.
   Certificate Format: Use the default PEM certificate.
   The required keys and certificates are automatically downloaded in a ZIP file.
3. Extract the files ca.pem, cert.pem, and key.pem to an accessible location.
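A pre-upload check of the extracted files, as an added example that is not part of the Dell EMC guide: it confirms that key.pem belongs to cert.pem, that cert.pem was issued by ca.pem, and that the client certificate has not expired, then restricts key.pem to its owner. It assumes the OpenSSL command-line tool and an unencrypted key.pem; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the CloudLink guide): validate the extracted
# ca.pem / cert.pem / key.pem before uploading them in vSphere.
# Assumes the openssl CLI; function names are illustrative.

# True when the private key's public half equals the certificate's public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the client certificate chains to the downloaded CA certificate.
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check the directory the ZIP was extracted to; prints the first problem found.
check_bundle() {
    dir=$1
    for f in ca.pem cert.pem key.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f"; return 1; }
    done
    key_matches_cert "$dir/cert.pem" "$dir/key.pem" ||
        { echo "key.pem is not the private key for cert.pem"; return 1; }
    issued_by "$dir/ca.pem" "$dir/cert.pem" ||
        { echo "cert.pem was not issued by ca.pem"; return 1; }
    openssl x509 -in "$dir/cert.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "cert.pem has expired"; return 1; }
    # key.pem authenticates vCenter to the KMS: owner-only access.
    chmod 600 "$dir/key.pem" || return 1
    echo "bundle OK: ca.pem -> KMS certificate, cert.pem + key.pem -> trust"
}

# Usage: sh check_bundle.sh /path/to/extracted/files
if [ "$#" -eq 1 ]; then
    check_bundle "$1"
fi
```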
Configuring the Key Management Server
Configure CloudLink Center as the Key Management Server in vSphere Web Client.
Procedure
1. Use the vSphere Web Client to log in to the vCenter Server.
2. Select the vCenter Server in the Object Navigator.
3. Select Configure > Key Management Servers in vSphere Web Client.
4. Select Add KMS and provide the following values:
   KMS cluster: Select Create a new cluster
   Cluster name: A user-friendly name for the cluster
   Server alias: A user-friendly name for the CloudLink Center instance
   Server address: Address of the CloudLink Center instance
   Server port: Enter 5696
   Proxy Address: Leave it blank
   Proxy Port: Leave it blank
   User name: Enter the username added in Adding a KMIP client
   Password: Enter the password added in Adding a KMIP client

Uploading the KMS certificate
Upload the KMS certificate to vSphere Web Client.
Procedure
1. In Key Management Servers, select the KMS created in Configuring the Key Management Server.
2. Select All Actions > Upload KMS certificate.
3. Select Upload file and select the ca.pem file from Adding a KMIP client.
4. Click OK.

Establishing a trusted connection in vSphere 6.5
Establish a trusted connection between CloudLink Center and vSphere Server.
Procedure
1. Select Establish trust with KMS in Key Management Servers.
2. Select Upload certificate and private key and click OK.
3. Select Upload file in the KMS certificate section and select the cert.pem file from Adding a KMIP client.
4. Select Upload file in the private key section and select the key.pem file from Adding a KMIP client and click OK.
The Connection Status changes to Normal.
5. If you are using a CloudLink Center cluster, separately add each CloudLink Center server in the cluster to the KMS cluster. Repeat step 4, but select the KMS cluster you have already created.

Establishing a trusted connection in vSphere 6.7
Establish a trusted connection between CloudLink Center and vSphere Server.
Procedure
1. Select Establish trust and select Make KMS trust vCenter.
2. Select Upload certificate and private key and click OK.
3. Select Upload file in the KMS certificate section and select the cert.pem file from Adding a KMIP client.
4. Select Upload file in the private key section and select the key.pem file from Adding a KMIP client and click Establish Trust.
The Connection Status changes to Normal.
5. If you are using a CloudLink Center cluster, separately add each CloudLink Center server in the cluster to the KMS cluster. Repeat step 4, but select the KMS cluster you have already created.
Troubleshooting and getting help
Go to Dell EMC Online Support and click MyService360. You will see several options for contacting Dell EMC Technical Support. To open a service request, you must have a valid support agreement. Contact your Dell EMC sales representative for details about obtaining a valid support agreement or with questions about your account. Dell EMC support, product, and licensing information can also be obtained from your Dell EMC account manager.
Copyright © 2014-2019 Dell Inc. or its subsidiaries. All rights reserved.
Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS-IS." DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.
Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the USA.