The Skyhigh CASB Key Agent allows you to manage encryption through the Skyhigh CASB proxy while maintaining ownership of your own encryption keys. Managing your own keys gives you greater control and security over who can view your data. Once installed, the Key Agent requires no maintenance or configuration; just point it to your existing Hardware Security Module and the Key Agent will use your managed keys to protect your data in the cloud.
Make sure that the computer where you will install the Skyhigh CASB Key Agent meets the following requirements:
- VM to run the Skyhigh CASB Key Agent Service
- 4 cores
- 8-GB RAM
- 100 GB HDD
- Windows x64 7 or later; Windows 2008 or later; RedHat/SuSe 64-bit 6 or later.
Install the Key Agent
To install the key agent:
- Select the Destination Directory where you would like the Key Agent to be installed, either by manually entering the file path or by clicking Browse and navigating to your target destination. The default installation directory is /Applications/shnka. Click Next.
The files for the Key Agent are installed in your target directory.
- After installation is complete, you are asked how you connect to the internet. Choose one of the following:
- This machine has a direct connection to the internet if you connect to the internet directly, without accessing a proxy.
- This machine uses a proxy to connect to network if you access the internet through a proxy.
- If you chose This machine uses a proxy to connect to the network, enter information into the following fields and click Next:
- Proxy Type: HTML or NTLM (Windows NT LAN Manager).
- NTML Domain: Used only when NTML is selected as the proxy type.
- Proxy Host: The IP address of your proxy.
- Proxy Port: The port to be used to pass key agent traffic through your proxy. This is set to 80 by default.
- Proxy User: The login name for your proxy (if needed).
- Proxy Password: The password use to access your proxy (if needed).
- Provide the requested information about your Key Management server and click Next to continue:
- KMIP Server: The address for the server that manages your encryption keys.
- KMIP Server Port: The port that your KMIP server is listening to for traffic from the Key Agent. The default is 5696.
- Keystore for KMIP Authorization: The local file used to authenticate access to your KMIP Server.
- Keystore Password: The authentication necessary to access the Keystore file.
- CA Certificate Chain: The digital certificate file used to establish a chain of security. It is generated by the root server which signs the key requests.
- Key Name: If same key to be used for all instances in a tenant then provide the key name configured in the HSM server and follow Step 5 below. If you plan to use different keys for service instances then follow the steps listed here, Instance Level Keys.
- Enter the credentials you use to access the Skyhigh CASB Cloud Security Manager and click Next.
- When informed that the installation is complete, click Finish to close the installer.