Certificates required for TVR
The certificates explained on this page are not the certificates provided when accessing the TrilioVault VM dashboard through HTTPS.
TrilioVault for RHV is integrating into the RHV-Manager to provide a seamless experience for RHV Administrators and Users for all their Backup & Recovery needs inside RHV.
For this purpose is TrilioVault extending the RHV-Manager GUI with a new tab "Backup", which contains the sub-tabs Workloads, Admin Panel and Reporting as shown in figure 1.
Figure 1: TrilioVault integration into RHV-M menu
The integration of TrilioVault into the RHV-Manager contains the complete GUI. This GUI still requires Data that will be shown then.
The RHV-Manager is gathering the data shown in the GUI from the client-side. This means that next to the connection to the RHV-Manager there are also connections to the systems providing the data. For all normal RHV tabs and fields is this the RHV-Manager itself.
When accessing the TrilioVault tabs there will also be a connection build-up to the TrilioVault VM, to gather the data about Workloads, Snapshots, Restores, etc. Figure 2 visualizes this connection.
Figure 2: Connection between Client Browser and RHV-Manager
As can be seen, the TrilioVault VM provides its own certificate to the Client Browser. This connection is happening in the background of the browser. This means, that untrusted certificates can not be accepted through the browser upon opening the Backup tab in the RHV-M. The certificate for the GUI is coming from the RHV-Manager and has been accepted at this point already. The certificate for the data coming from the TrilioVault VM needs to be accepted separately.
Before installing TrilioVault it is therefore required to consider which certificates the TrilioVault VM will use and how they will be distributed to the Client Browser.
During configuration is the TrilioVault VM either able to generate its own self-signed certificate or a certificate and a private key can be provided.
When a self-signed certificate is chosen can the generated certificate be downloaded from the TrilioVault VM dashboard and then added as a trusted certificate to the Client system. Or it can be accepted through the browser itself by calling the TrilioVault VM API directly.
When a certificate is provided is the private key used with that certificate also required. This private key will be used to encrypt the communication between TrilioVault VM and the Client Browser. The provided certificate still needs to be trusted by the Client system.
Wildcards can be used for a provided certificate, but they are not recommended to ensure that the communication between TrilioVault VM and Client Browser is secure.