Follow

KMIP Server: Vormetric DSM Configuration

The following steps describe how to configure Vormetric DSM to handle KMIP client requests from Cloudistics storage controllers.

Requirements

  • Vormetric DSM already installed. Refer to the Vormetric DSM documentation for information about installation and setup.

Creating the Cloudistics Ignite domain and administrator

  1. Login to the Vormetric DSM web interface.
    The initial Vormetric DSM (web interface) can be accessed from a web browser (currently 10.0.15.250). The current password for "admin" is "Cloudistics1!"
  2. Once logged in, proceed to creating a new Domain for Cloudistics. Navigate to Domains Manage Domains and create a new domain Cloudistics_Ignite.
  3. Now you need to create a new Domian Admistrator, and assign it to manage the Cloudistics_Ignite domain. This user will be able to add hosts and set policies.
  4. Navigate to Administrators All and create a new Administrator named Cloudistics with User Type of Domain and Security Administrator.
  5. Navigate to the domain you created and edit it. Click the Assign Admin tab and assign the Cloudistics user as the Domain administrator.

Adding hosts to the domain

  1. Log out of the admin account, and then log in as the Cloudistics user.
    Note: The current password for Cloudistics is "Cloudistics2!”
  2. Add a Storage Controller host to the Cloudistics_Ignite Domain. Navigate to Hosts, and add a new host. You must use the Storage Controller serial number (found in: /etc/cloudistics/appliance_serial_number). This string appended to "cloudistics-" become the host's name (for example, "cloudistics-DDVWFB2").
    When authenticating clients the server will compare this Host Name field with the Common Name field in the client certificate and only allow access if they match exactly.
  3. Add as many Storage Controller hosts as you need. You will next need to configure the KMIP Client on each Storage Controller for two-way authentication to be successful.

Configuring storage controller hosts

  1. Follow the KMIP Client Configuration steps on each storage controller as described in the topic, KMIP client configuration.
  2. After the client has been configured, download or copy the client certificate to your system, you will need it for the next step.
    /usr/share/cloudistics/kmip/certs/client.pem

Uploading the client certificate to the host account

  1. Login to the Vormetric DSM as the Cloudistics user, and then navigate to the host where you generated the certificate.
  2. Click the Upload KMIP Cert button and select the certificate file you created or copied in the preceding step.
    Once the certificate has been uploaded, the host will be ready to serve KMIP requests from this storage controller.

Testing KMIP communication

With the KMIP Client (Storage Controller) and Server (Vormetric DSM) configured, you can test the KMIP communication with the following script on the Storage Controller:
/usr/share/cloudistics/kmip/verify_kmip_configuration.py

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments