Install Zettaset XCrypt Full Disk
The installer sends the Zettaset XCrypt Full Disk libraries and configuration files to each target node and encrypts the nodes and partitions listed in the hosts.inv file.
The Zettaset XCrypt Full Disk installer must have permission to write to the PKCS #11 (FXPKCS11) log file, fxpkcs11.log, on the primary KMIP node. Before proceeding with the steps in this procedure, run the following command as root or sudo to add write permissions on the fxpkcs11.log file.
Perform a sanity check on the inventory file. This command confirms that the settings in your file are valid.
Run the installer:
This creates the needed KMIP and HSM servers, establishes secure connectivity between all nodes and services, and encrypts partitions. At the end of the installation output display, you should see zero failures for all nodes in the PLAY RECAP.
Zettaset XCrypt Full Disk creates four keys on the Vectera Plus: one public and one private RSA 2048 asymmetric key and two AES 256 Data Encryption keys.
View the block devices for each target node to confirm partition encryption. Your output reflects your partitions.
View the encryption key names by viewing cryptinittab on the target node:
Back up the cryptinittab file for each encrypted node. This file is the only way to associate a key with a partition.
Review install.log when needed.
Remove any hsm pin values from the hosts.inv file.