-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathinstalling.html.md.erb
More file actions
75 lines (54 loc) · 3.19 KB
/
installing.html.md.erb
File metadata and controls
75 lines (54 loc) · 3.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
---
title: Installing and Configuring Dyadic EKM Service Broker for PCF
owner: Partners
---
This topic describes how to activate Dyadic EKM Service Broker to serve your application in PCF Environment
<p class="note">
If you have not already done so, please request the Dyadic Evaluation Package by completing this short form: <a href="https://info.dyadicsec.com/pivotal_eval_request"> https://info.dyadicsec.com/pivotal_eval_request</a>
</p>
##<a id='install'></a> Install and Configure Dyadic EKM Service Broker for PCF
1. Download the product file ("tile") from [Pivotal Network](https://network.pivotal.io/products/dyadic-ekm-service-broker).
1. Navigate to the Ops Manager Installation Dashboard and click **Import a Product** to upload the product file.
1. Click **Add** next to the uploaded Dyadic EKM Service Broker for PCF tile in the Ops Manager **Available Products** view to add it to your staging area.
1. Click the newly added **Dyadic EKM** tile.
1. Complete the following fields using the information you received in the Evaluation License Package:
* **Client Private Key**: The PFX certificate used for client authentication
* **Root CA certificate**: The EKM root CA certificate used for server authentication
* **EKM Servers**: Comma separated list of EKM Server addresses
<img src="EKMTile.PNG" alt=" Dyadic EKM Service Broker config">
1. (Optional) Edit the **Message Send Timeout**, **Message Receive Timeout** (in milliseconds), and **Message Retry Counter**.
In most cases, you can accept the default values.
1. Click **Save**.
1. Return to the Ops Manager Installation Dashboard and click **Apply Changes** to install the Dyadic EKM tile.
##<a id='bind'></a> Bind Your App to the Dyadic EKM Service Broker for PCF
To use the Dyadic EKM Service Broker for crypto operations, follow these steps:
1. Confirm that you have pushed your app using the Java Buildpack for PCF:
<pre class="terminal">$ cf push APP-NAME .... -b java_buildpack</pre>
1. Enable access to the service:
<pre class="terminal">$ cf enable-service-access dyadic-ekm</pre>
1. Create EKM service instance:
<pre class="terminal">$ cf create-service dyadic-ekm default SERVICE-INSTANCE-NAME</pre>
1. Bind your app to a service instance:
<pre class="terminal">$ cf bind-service APP-NAME SERVICE-INSTANCE-NAME</pre>
1. Verify that the environments variables that are used by the Broker are correct:
<pre class="terminal">$ cf env APP-NAME</pre>
In particular, examine the _"credentials"_ and assert that its attributes and values match the one provided in the configuration step:
<pre class="terminal">
System-Provided:
{
"VCAP\_SERVICES": {
"dyadic-ekm": [
{
"credentials": {
"ca": "-----BEGIN CERTIFICATE----- xxxx
"key": "Bag Attributes xxxx -----BEGIN CERTIFICATE----- xxxx
Bag Attributes xxxx -----BEGIN EXAMPLE ENCRYPTED PRIVATE KEY----- xxxx
"recv\_timeout": "20000",
"retries": "2",
"send\_timeout": "10000",
"servers": "52.174.3.129"
</pre>
1. If your app is running, restage it:
<pre class="terminal">$ cf restage APP-NAME</pre>
1. If you haven't run your app before, start it:
<pre class="terminal">$ cf start APP-NAME</pre>