Skip to main content
Deploy the Generic KMIP service on CryptoHub. This service listens on port 5696 and manages the AES-256 Key Encryption Keys (KEKs) that Nutanix retrieves to encrypt and decrypt data on the cluster. Complete the following steps to deploy the service in CryptoHub:
1
Log in to the CryptoHub under dual control using your administrator identities.
2
Navigate to the service management section and locate the Generic KMIP service template.Select [ Deploy ].
3
Configure the following Service Setup settings:
  • Service Name: A descriptive identifier (for example, Nutanix-KMIP). Leave the default if no changes are needed.
  • Service Category: Leave as default.
Select [ Next ].
4
Configure the following Access Control settings:
  • Authorized Resources: The role you are logged in with has access to the service by default.
  • Add Additional Resources: Optional.
Select [ Next ].
5
Configure the following Service Info setting:
  • Authentication Mechanism: Leave it set to the default authentication mechanism.
Select [ Deploy ].
After deploying the service, CryptoHub creates a Certificate Authority (CA) for the service. This CA is used in the next step to sign the per-node CSRs that Nutanix generates. The CA certificate is also uploaded to Nutanix to establish trust.