Hostname Identification and Resolution

Prior to the installation of Keyfactor Command, you need to determine the DNSClosed The Domain Name System is a service that translates names into IP addresses. alias(es) by which the Keyfactor Command roles will be accessed, if any, and configure them in your hostnameClosed The unique identifier that serves as name of a computer. It is sometimes presented as a fully qualified domain name (e.g. servername.keyexample.com) and sometimes just as a short name (e.g. servername). resolution solution so that they will be resolvable prior to installation. For example, if you’re licensed for SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. key management and wish to publish the My SSH Key portal externally to support SSH key acquisition by users outside the company firewall, you will probably wish to reference the server by a DNS alias rather than its actual hostname. For example, you may wish to use keyfactor.keyexample.com rather than websrvr23.keyexample.local. This is particularly significant if you will be using redundant servers with load balancing. For DNS aliases used internally, you will need to consider whether the servers to be accessed will be authenticated using Kerberos authentication. Out of the box, the Keyfactor Command Management Portal uses integrated Windows authentication and will default to Kerberos authentication in most environments. Although some features of the Keyfactor Command Management Portal may support NTLM authentication in some environments, the dashboard and enrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). functions do not support NTLM. If you will be using Kerberos authentication, your DNS aliases need to be configured as “A” records rather than CNAME records because Kerberos does not function well with CNAME records under Microsoft IIS.

The roles for which you need hostnames during the Keyfactor Command installation are:

For a small environment you may choose to use the server’s actual name. If you plan to use SQL clustering, you will need an alias that represents the cluster. Using an alias for the SQL server allows for database portability in the future.

During the Keyfactor Command installation you configure the email server that will be used to send email notifications.

This is the primary management server and may hold all Keyfactor Command roles in a small implementation.

This hostname must match the hostname entered for the Management Portal.

This hostname is only required if your Keyfactor Command license includes vSCEP™. If all Keyfactor Command roles are combined on one server, this will be the same hostname as used for the Keyfactor Command Management Portal.

This hostname is only required if your Keyfactor Command license includes orchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. functionality. If all Keyfactor Command roles are combined on one server, this will be the same hostname as used for the Keyfactor Command Management Portal.

This hostname must match the hostname entered for the Management Portal unless you are installing a secondary instance of the Keyfactor APIClosed A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command..

This hostname is only required if you choose to enable this option for legacy support. Out of the box, the Keyfactor Command API PowerShell Client use the Classic API role. If all Keyfactor Command roles are combined on one server, this will be the same hostname as used for the Keyfactor Command Management Portal.

This hostname is only required if you choose to enable the option to copy Keyfactor Command audit logs entries in real time, as they are generated, to a separate server for collectionClosed The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). and analysis by a centralized logging solution (e.g. rsyslogClosed Rsyslog is an open-source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network., Logstash).

Prior to beginning the Keyfactor Command installation, ensure that the selected hostnames resolve successfully.