About
These prerequisites ensure that everything required to deploy the Virtru Private Keystore (for Virtru Solutions) is available before you begin, so that the deployment goes smoothly.
Prerequisites
Create an A record that points to the public IP of your VPK (Virtru Private Keystore) hosting environment (server or load balancer).
Example: cks.<yourdomain>.com
All traffic will be encrypted via TLS using a certificate signed by a public Certificate Authority (CA).
Recommended Distributed Configuration
Highly available load balancer connected to:
- 2 or more hosts
- (Optional) 2 or more locations
- (Optional) HSM Array
Optional Minimum Configuration
Highly available load balancer connected to 2 hosts with a single container per host. Additional resources and hosts are recommended; additional resources will enhance the resiliency of the environment.
Access
Having access and the rights to make decisions and configuration changes for the following services will allow a smooth and expedient Virtru Private Keystore (for Virtru Solutions) setup. Failure to secure approval and/or access for any item may cause a delay in the VPK deployment and/or testing.
Service | Status |
---|---|
DNS | |
Load Balancer | |
Host | |
Firewall | |
 | |
SSL Certificates | |
Syslog/SIEM System (Optional) | |
HSM (Optional) | |
Application
Docker
The VPK is distributed as a `docker` image via Virtru's DockerHub Repository.
To install Docker on your host, please follow the Docker documentation for installation.
The host must run a 64-bit Linux OS that meets the Docker Minimum Requirements.
Docker Compose
Docker Compose is a tool used by Virtru to automate the deployment of the Virtru Private Keystore (for Virtru Solutions). The use of Docker Compose is required to ensure all parameters are met and to ensure a smooth deployment.
Docker Compose installation instructions are available here: https://docs.docker.com/compose/install/#install-compose
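The DNS, certificate, Docker and Docker Compose prerequisites above can be checked on each host before deployment. The script below is an added example, not part of Virtru's documentation or tooling; the script name, the certificate file arguments and the hostname you pass are assumptions, and it relies only on standard `getent`, `openssl` and `docker` commands.

```shell
#!/bin/sh
# Pre-deployment check of the prerequisites listed above (added example).
# Usage: sh vpk_preflight.sh <fqdn> <cert.pem> [intermediates.pem]

have_cmd() { command -v "$1" >/dev/null 2>&1; }

# True for common 64-bit values of `uname -m`.
is_64bit() {
    case "$1" in
        x86_64|amd64|aarch64|arm64|ppc64le|s390x|riscv64) return 0 ;;
        *) return 1 ;;
    esac
}

# Compose v2 plugin ("docker compose") or the standalone docker-compose binary.
have_compose() { docker compose version >/dev/null 2>&1 || have_cmd docker-compose; }

# The name has an IPv4 (A) record visible to this host's resolver (glibc getent).
has_a_record() { getent ahostsv4 "$1" >/dev/null 2>&1; }

# The certificate's SAN/CN covers the DNS name clients will connect to.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# The certificate chains to a root in the system trust store, i.e. a public CA.
cert_publicly_trusted() {
    if [ -n "$2" ]; then openssl verify -untrusted "$2" "$1" >/dev/null 2>&1
    else openssl verify "$1" >/dev/null 2>&1; fi
}

check() {  # check <label> <command> [args...]; records any failure in $rc
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; rc=1; fi
}

preflight() {  # preflight <fqdn> <cert.pem> [intermediates.pem]
    rc=0
    check "64-bit architecture"        is_64bit "$(uname -m)"
    check "docker installed"           have_cmd docker
    check "docker compose installed"   have_compose
    check "A record for $1"            has_a_record "$1"
    check "certificate covers $1"      cert_matches_host "$2" "$1"
    check "certificate from public CA" cert_publicly_trusted "$2" "$3"
    return "$rc"
}

if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

A host whose system trust store has had a private root CA added will also pass the last check, so run it on a machine with an unmodified trust store.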
Firewall
https://support.virtru.com/hc/en-us/articles/360013417494-CKS-Reference-Firewall
Host
Please see our Host reference article for the recommended Linux host setup:
https://support.virtru.com/hc/en-us/articles/115004727274-Hosts
Network
Load Balancer
Virtru Private Keystore can be deployed as a standalone instance or in a High Availability (HA) configuration behind your favorite load balancer (for example, HAProxy, Nginx, DNS round robin, or any other commercial load balancer). As the VPK is stateless, there are no inter-VPK communication requirements.
Warning
Deploying a single Virtru Private Keystore is highly discouraged. If any maintenance or unforeseen issues arise, Virtru-encrypted email will not be readable and cannot be decrypted until the VPK functionality is restored.
Virtru recommends at least 1 Virtru Private Keystore container on 2 different hosts, along with a backup and recovery plan.
Please note that Load Balancer specific steps are outside the scope of this document. Please consult your Load Balancer manual for more information.
Tip
You can make the load balancer configurations after you have successfully installed Virtru Private Keystore on individual servers.