Configure Vormetric DSM

The following steps describe how to configure Vormetric DSM to handle KMIP client requests from ThinkAgile CP storage controllers.

Requirements

Create the ThinkAgile CP Domain and Administrator

  1. Log in to the Vormetric DSM web interface. The initial Vormetric DSM (web interface) can be accessed from a web browser (currently 10.0.15.250). The current password for "admin" is "Cloudistics1!"
  2. Once logged in, proceed to creating a new Domain for ThinkAgile CP. Navigate to Domains > Manage Domains and create a new domain ThinkAgile CP.
  3. Now you need to create a new Domain Administrator, and assign it to manage the ThinkAgile CP Cloud Controller domain. This user will be able to add hosts and set policies.
  4. Navigate to Administrators > All and create a new Administrator named ThinkAgile CP with User Type of Domain and Security Administrator.
  5. Navigate to the domain you created and edit it. Click the Assign Admin tab and assign the ThinkAgile CP user as the Domain administrator.

Add Hosts to the Domain

  1. Log out of the admin account, and then log in as the ThinkAgile CP user.

    Note: The current password for ThinkAgile CP is "Cloudistics12
  2. Add a Storage Controller host to the ThinkAgile CP Cloud Controller Domain. Navigate to Hosts, and add a new host. You must use the Storage Controller serial number (found in: /etc/tacp/appliance_serial_number). This string appended to "tacp-" becomes the host's name (for example, "tacp-DDVWFB2").

    When authenticating clients the server will compare this Host Name field with the Common Name field in the client certificate and only allow access if they match exactly.

  3. Add as many Storage Controller hosts as you need. You will next need to configure the KMIP Client on each Storage Controller for two-way authentication to be successful.

Configure Storage Controller Hosts

  1. Follow the KMIP Client Configuration steps on each storage controller as described in the topic, Configure the KMIP client.

  2. After the client has been configured, download or copy the client certificate to your system, you will need it for the next step.

    /usr/share/tacp/kmip/certs/client.pem

Upload the Client Certificate to the Host Account

  1. Log in to the Vormetric DSM as the ThinkAgile CP user, and then navigate to the host where you generated the certificate.

  2. Click the Upload KMIP Cert button and select the certificate file you created or copied in the preceding step.

    Once the certificate has been uploaded, the host will be ready to serve KMIP requests from this storage controller.

Test KMIP Communication

With the KMIP Client (Storage Controller) and Server (Vormetric DSM) configured, you can test the KMIP communication with the following script on the Storage Controller:

/usr/share/tacp/kmip/verify_kmip_configuration.py

Parent topic: Manage Encryption