Accessing IBM Security Guardium Key Lifecycle Manager on IPP and KMIP ports
You can access IBM® Security Guardium® Key Lifecycle Manager that is installed on a Red Hat® OpenShift® cluster only on an HTTP port by default. To access IBM Security Guardium Key Lifecycle Manager on non-HTTP ports, such as IPP and KMIP, complete the steps in this topic.
- Log in to the Red Hat OpenShift console as the cluster
- Create a route for the IPP or KMIP port.
- In the left pane, expand Create Route., and click
- Specify values for the following properties on the page.
Table 1. Properties and their description

| Property | Description |
| --- | --- |
| Name | For IPP: ipp-route-name<br>For KMIP: kmip-route-name |
| Service | sklmapp |
| Target port | For IPP: 3801<br>For KMIP: 5696 |
| Security | Select the Secure route check box. |
| TLS Termination | Select Passthrough as the TLS termination type. |
| Insecure Traffic | Select Passthrough as the insecure traffic type. |
- Click Create.
- Log in to the infrastructure node with root privileges.
- Depending on the port type, add the following front-end and back-end entries to the /etc/haproxy/haproxy.cfg file.
For IPP:

    frontend ipp-route-name
        bind *:IPP Node Port
        default_backend ipp-route-name
        mode tcp
        option tcplog
    backend ipp-route-name
        balance source
        mode tcp
        server worker0 private-ip:IPP Node Port check
        server worker1 private-ip:IPP Node Port check
        server worker2 private-ip:IPP Node Port check

Where ipp-route-name is the route name and IPP Node Port is the corresponding node port that is assigned to this route.
For KMIP:

    frontend kmip-route-name
        bind *:KMIP Node Port
        default_backend kmip-route-name
        mode tcp
        option tcplog
    backend kmip-route-name
        balance source
        mode tcp
        server worker0 private-ip:KMIP Node Port check
        server worker1 private-ip:KMIP Node Port check
        server worker2 private-ip:KMIP Node Port check

Where kmip-route-name is the route name and KMIP Node Port is the corresponding node port that is assigned to this route.
- Restart the haproxy service using the following command:
systemctl restart haproxy
- You can now access IBM Security Guardium Key Lifecycle Manager on the respective node ports (IPP Node Port or KMIP Node Port) for IPP devices and KMIP clients.
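The HAProxy step above can be scripted so that a mistyped port or a duplicate section is caught before the service is restarted. The following is an added example, not IBM tooling: the function names `render_stanza` and `append_stanza` are hypothetical, and the node port and worker IP addresses in the usage comment are constructed sample values.

```bash
# Hypothetical helpers (not IBM tooling) for the HAProxy step above.

# render_stanza ROUTE_NAME NODE_PORT WORKER_IP...
# Prints the TCP passthrough frontend/backend pair for one route.
render_stanza() {
    local route="$1" port="$2" i=0 ip
    [ "$#" -ge 3 ] || { echo "usage: render_stanza ROUTE PORT IP..." >&2; return 1; }
    shift 2
    # The route name becomes an HAProxy section name: restrict its charset.
    case "$route" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid route name: $route" >&2; return 1 ;;
    esac
    # The node port must be a decimal TCP port (at most 5 digits, 1-65535).
    case "$port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf 'frontend %s\n    bind *:%s\n    default_backend %s\n' "$route" "$port" "$route"
    printf '    mode tcp\n    option tcplog\n'
    printf 'backend %s\n    balance source\n    mode tcp\n' "$route"
    for ip in "$@"; do
        printf '    server worker%d %s:%s check\n' "$i" "$ip" "$port"
        i=$((i + 1))
    done
}

# append_stanza CFG_FILE ROUTE_NAME NODE_PORT WORKER_IP...
# Appends the pair to CFG_FILE unless a section with that name already exists.
append_stanza() {
    local cfg="$1" stanza
    shift
    stanza=$(render_stanza "$@") || return 1
    if grep -Eq "^(frontend|backend)[[:space:]]+$1([[:space:]]|\$)" "$cfg"; then
        echo "section $1 already present in $cfg" >&2; return 1
    fi
    printf '\n%s\n' "$stanza" >> "$cfg"
}

# Constructed sample values; validate the file with HAProxy's check mode before restarting:
#   append_stanza /etc/haproxy/haproxy.cfg kmip-route-name 30696 10.0.0.11 10.0.0.12 10.0.0.13
#   haproxy -c -f /etc/haproxy/haproxy.cfg && systemctl restart haproxy
```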