
KEYNEXUS Google Cloud Integration Guide
v1.2 07/2018

Copyright Notice

Copyright 2018 KeyNexus. All rights reserved.

Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without written permission.

Table of Contents

Introduction
Prerequisites
Google Cloud SDK
KeyNexus Patches
Google Storage Utility
Deploying KeyNexus on Google Cloud
Create a new Google Cloud Platform project
Create a new Google Cloud Platform bucket
Upload the KeyNexus image file to the Google Storage bucket
Create an Image from the Google Cloud Platform
Create an Instance from Google Cloud Platform
KeyNexus Configuration
KeyNexus Setup
Cluster Nodes
Configuring KeyNexus
Groups
Add a group
Delete a group
View Users in a Group
Search for a Group
Keys
Add a new key
Import Custom Keys
Key Details
Key Rotation
Add Batch Keys through the API
Users
Create a New User
Authentication Certificate
Delete a User
Encrypting and Decrypting objects on Google Cloud Platform
Google Cloud Disk Encryption and Decryption
Encrypting and decrypting objects

Introduction

Google Cloud Platform is a cloud storage platform for storing and retrieving data. It provides a simple programming interface which enables developers to take advantage of Google's own systems to perform data operations in a secure and cost-effective manner.

Google Cloud Platform stores objects that are organized into basic storage containers called buckets. All requests are authorized using an access control list (ACL) associated with each bucket and object, or with gsutil, a Python application that allows access to Google Storage through the command line.

Google Cloud Platform provides a range of programming languages to choose from when creating applications. These languages are supported by client libraries that allow applications to communicate with Google Cloud Storage. The libraries take care of the HTTP protocol details when using the Google Cloud Storage APIs.
This guide provides the instructions for the following tasks:

• Installing the Google Cloud SDK
• Creating a bucket, uploading the KeyNexus VMDK file, and starting an instance on Google Cloud Platform.
• Installing and configuring the KeyNexus patches.
• Instructions for creating KeyNexus groups, users and keys in the KeyNexus portal.
• Instructions for the scripts used to encrypt and decrypt objects stored on the Google Cloud Platform.

Important: This document provides the instructions required to create a bucket, upload the KeyNexus tar.gz file and set up a KeyNexus instance on Google Cloud Platform. This does not mean, however, that KeyNexus must be running on Google Cloud Platform in order to operate as a Key Management System for your files. One of the most powerful features of KeyNexus is its ability to operate independently of any cloud platform.

This document was created using KeyNexus Web Portal version 1.10. Using a version of this product other than the one used in this guide may require a different workflow from the one provided here in order to achieve a successful result.

The complete set of Google Cloud Platform documentation can be found at https://cloud.google.com/docs/.

Prerequisites

Before proceeding with the configuration and deployment tasks, make sure the following tasks have been performed:

• Download and install the Google Cloud SDK.
• Download the KeyNexus gcloud integration package. It includes this document, patch files and sample JSON files. Talk to your KeyNexus Representative for access to these files.
• Download the keynexus.tar.gz file. Talk to your KeyNexus Representative for access to this file.

Deploying KeyNexus on Google Cloud

This section provides instructions for the initial activation of Google Cloud Platform, creating a new project, creating a new bucket and uploading the KeyNexus file to that bucket. Once the file is successfully uploaded, it can be used to create an image.
Note: These instructions are restricted to the steps necessary to set up an instance of the KeyNexus Web Portal. For complete instructions relating to Google Cloud Platform, refer to https://cloud.google.com/docs/.

Create a new Google Cloud Platform project

If you already have a project created in Google Cloud Platform, continue on to Create a new Google Cloud Platform bucket.

1. Open Google Cloud Platform Console.
2. Click the Select a project dropdown on the Google Cloud Platform header. This opens the Select dialog.
3. Click New Project. The New Project page appears.
4. Enter the project name and organization, then select a location by clicking the Browse button and choosing a folder from the list.
5. Click Create.

Create a new Google Cloud Platform bucket

Once the project is created, you can create a new bucket. A bucket in Cloud Storage is the container for all data stored in the Cloud Storage project. If you already have a bucket created, continue on to Upload the KeyNexus image file to the Google Storage bucket.

1. Click the Navigation Menu button to bring up the Products and Services menu. Select Storage > Browser from the menu. This brings you to the Browser page.
2. Click Create Bucket. The Create a Bucket dialog appears.
   1. Enter a name for the bucket. This name must be different from the name of every other bucket on Google Cloud Storage.
   2. Select a storage class for the bucket from one of the Storage Class options.
   3. Select a location from the Location dropdown.
   4. (Optional) Click Show advanced settings. Click Specify labels and Add label to provide additional values to assist in organizing your buckets.