Deploy the service

Deploy the Generic KMIP service on CryptoHub. This service listens on port 5696 and manages the AES-256 Key Encryption Keys (KEKs) that Nutanix retrieves to encrypt and decrypt data on the cluster. Complete the following steps to deploy the service in CryptoHub:

Navigate to the service management section and locate the Generic KMIP service template.Select [ Deploy ].

Configure the following Service Setup settings:

Service Name: A descriptive identifier (for example, Nutanix-KMIP). Leave the default if no changes are needed.
Service Category: Leave as default.

Select [ Next ].

Configure the following Access Control settings:

Authorized Resources: The role you are logged in with has access to the service by default.
Add Additional Resources: Optional.

Select [ Next ].

Configure the following Service Info setting:

Authentication Mechanism: Leave it set to the default authentication mechanism.

Select [ Deploy ].

After deploying the service, CryptoHub creates a Certificate Authority (CA) for the service. This CA is used in the next step to sign the per-node CSRs that Nutanix generates. The CA certificate is also uploaded to Nutanix to establish trust.

Before you start

Deploy client endpoint

⌘I

Service guides

Certificate Authority

Certificate management

Certificate validation

Cloud key management

Code signing

Credential management

Data protection

Data storage

Database

Digital signing

DNS

Endpoint management

Firewall

Generic

IT automation and orchestration

Key management

Privileged access management

Secrets management

SSH

TLS offloading

Virtualization

VPN