These prerequisites ensure that everything required to deploy the Virtru Private Keystore (for Virtru Solutions) is available before you begin, so that the deployment goes smoothly.
Create a DNS A record that points to the public IP address of your CKS hosting environment (server or load balancer).
All traffic will be encrypted via TLS using a certificate signed by a public Certificate Authority (CA).
Recommended Distributed Configuration
Highly available load balancer connected to:
- 2 or more hosts
- (Optional) 2 or more locations
- (Optional) HSM Array
Optional Minimum Configuration
Highly available load balancer connected to 2 hosts with a single container per host. Additional resources and hosts are recommended. Additional resources will enhance the resiliency of the environment.
Access and rights to make decisions and configuration changes regarding the following Services will allow a smooth and expedient Virtru Private Keystore (for Virtru Solutions) setup. Failure to secure approval and/or access to any item may cause a delay in the Virtru CKS deployment and/or testing.
- Syslog/SIEM System
The CKS is distributed as a `docker` image via Virtru's DockerHub Repository.
To install Docker on your host, please follow the Docker installation documentation.
64-bit Linux OS that meets the Docker minimum requirements
Docker Compose is a tool used by Virtru to automate the deployment of the Virtru Private Keystore (for Virtru Solutions). The use of Docker Compose is required to ensure all parameters are met and to ensure a smooth deployment.
Docker Compose can be installed here: https://docs.docker.com/compose/install/#install-compose
Please see our Host reference article for the recommended Linux host setup.
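A preflight check for the prerequisites above (64-bit host, Docker, Docker Compose, the A record, and a publicly trusted TLS certificate), added here as an example and not part of Virtru's documentation or tooling. The function names, the `cks.example.com` placeholder, and port 443 are assumptions; run the TLS check once the certificate is installed on the server or load balancer.

```shell
#!/bin/sh
# Added example: preflight check for a prospective CKS host.
# Usage: ./preflight.sh cks.example.com   (placeholder hostname)
CKS_PORT=${CKS_PORT:-443}   # assumption: the page does not state the port

# Succeeds for 64-bit machine types; defaults to this host's `uname -m`.
is_64bit() {
    case "${1:-$(uname -m)}" in
        x86_64|amd64|aarch64|arm64|ppc64le|s390x) return 0 ;;
        *) return 1 ;;
    esac
}

# Docker Compose as the v2 plugin or the standalone v1 binary.
have_compose() {
    docker compose version >/dev/null 2>&1 ||
        command -v docker-compose >/dev/null 2>&1
}

# Resolves through the local resolver (which includes /etc/hosts);
# repeat from an outside network to confirm the public record.
has_a_record() {
    getent ahostsv4 "$1" >/dev/null 2>&1
}

# Handshake with chain and hostname verification against the system
# trust store; prints the s_client report for tls_chain_ok to read.
probe_tls() {
    openssl s_client -connect "$1:$CKS_PORT" -servername "$1" \
        -verify_hostname "$1" </dev/null 2>/dev/null
}

# Reads s_client output on stdin. A self-signed or private-CA
# certificate, or a hostname mismatch, reports a non-zero code.
tls_chain_ok() {
    grep -q '^ *Verify return code: 0 (ok)'
}

preflight() {
    host=$1; rc=0
    is_64bit || { echo "FAIL: host is not 64-bit"; rc=1; }
    command -v docker >/dev/null 2>&1 || { echo "FAIL: docker not found"; rc=1; }
    have_compose || { echo "FAIL: Docker Compose not found"; rc=1; }
    has_a_record "$host" || { echo "FAIL: no A record for $host"; rc=1; }
    probe_tls "$host" | tls_chain_ok ||
        { echo "FAIL: certificate for $host did not verify"; rc=1; }
    return $rc
}

if [ "$#" -ge 1 ]; then preflight "$1"; fi
```

Repeat the TLS check against each host as well as the load balancer if TLS is terminated on the hosts.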
Virtru Private Keystore can be deployed as a standalone instance or in a High Availability (HA) configuration behind your favorite load balancer (example: HAProxy, Nginx, DNS Round Robin or any other commercial load balancer). As the CKS is stateless, there are no Inter-CKS communication requirements.
Deploying a single Virtru Private Keystore is highly discouraged. If any maintenance or unforeseen issues arise, Virtru encrypted email will not be able to be decrypted until the CKS functionality is restored.
Virtru recommends at least 1 Virtru Private Keystore container on 2 different hosts, along with a backup and recovery plan.
Please note that Load Balancer specific steps are outside the scope of this document. Please consult your Load Balancer manual for more information.
You can make the load balancer configurations after you have successfully installed Virtru Private Keystore on individual servers.