Using SmartKey™ as a KMS to secure VMware virtual environments

Updated: Aug 17, 2018

Overview

The following instructions describe how to set up SmartKey as a KMS server in vSphere from the vSphere Web Client. Once set up, SmartKey can be used for both vSphere VM encryption and VSAN encryption.

Prerequisites

Create a SmartKey account.

Create a SmartKey App for VMware

Inside the SmartKey account, go to the Applications tab and create a new SmartKey app. For the “Interface” field choose “KMIP”, and for the “Authentication method” option choose “API key”. Click “Save” and, after reviewing, click “Finish”.

Obtain App Credentials

Go back to the “Applications” page and click “VIEW CREDENTIALS” for the app you just created. Then click the “Username/Password” tab.

Configuring KMS in vCenter

Go to the “Key Management Servers” page in the vSphere Web Client and click “+ Add KMS”. Fill in the required information for the KMS server. In the “User name” and “Password” fields, paste the values from the previous step.

After pressing OK, the “Connection Status” column should show “Normal” and the “Certificate Status” column should show a green check with the expiration date of the certificate.

Establishing trust with SmartKey

After adding the SmartKey KMS server in the vSphere Web Client, it is necessary to establish trust with the server. In the “Key Management Servers” page, click “Establish trust with KMS” and choose “Certificate”. If desired, save the certificate, and then click “OK”.

A second green check should appear in the “Certificate Status” column of the KMS cluster.

SmartKey is ready for use with VSAN encryption and vSphere VM encryption.