Getting Started with On-premises Connection


1.0 Introduction

This article helps you get started with the Fortanix Key Insight on-premises connection.

It also describes:

  • How to sign up and log in to Fortanix Armor.

  • How to access the Fortanix Key Insight solution.

  • How to set up the on-premises connection to scan resources, certificates, keys, and cryptographic assets from various on-premises infrastructures, including file systems, databases, containers, and source code.

2.0 Terminology References

For the on-premises connection concepts and terminologies, refer to On-premises Connection Concepts.

3.0 Log In and Create Account

Fortanix Key Insight is a solution on the Fortanix Armor platform. Therefore, you need to create an account on the Fortanix Armor platform if you do not already have one.

3.1 Sign Up and Log In to Fortanix Armor Platform - New Users

If you are accessing Fortanix Key Insight for the first time, you need to sign up for Fortanix Armor to access Key Insight. For subsequent access, you can log in to Fortanix Armor directly.

For more information on how to sign up or log in and create an account for Key Insight, refer to Fortanix Armor – Getting Started.

3.2 Log In to Fortanix Armor Platform - Existing Users

You can directly log in to the Fortanix Armor platform to access Key Insight if you have already signed up and have an account.

For more information on how to log in and create an account on Fortanix Armor, refer to Fortanix Armor – Getting Started.

4.0 Access Fortanix Key Insight

After creating and selecting your Fortanix Armor account, you are redirected to the Available Solutions page in Fortanix Armor. From this page, you can access Fortanix Key Insight.

Perform the following steps:

  1. Ensure the appropriate region (European Union or North America) is selected from the Region drop-down. The selected region determines where your data is processed and stored. It also ensures that connections, scans, and UI elements are displayed based on the selected region. For more information on configuring regions, refer to Fortanix Armor – Solutions.

  2. Click GO TO KEY INSIGHT to access Fortanix Key Insight and begin onboarding on-premises connections.

Figure 1: Access Fortanix Key Insight solution

5.0 Configure an On-premises Connection

After you access the Fortanix Key Insight solution from Fortanix Armor, you can configure and onboard an on-premises connection to scan your cryptographic materials (keys, resources, cryptographic assets, and certificates).

5.1 Prerequisites

The following are the prerequisites to configure an on-premises connection on Fortanix Key Insight:

  • Server Specifications

    • The server hosting the scanner must have at least 2 virtual Central Processing Units (vCPUs) allocated.

    • The server must have a minimum of 8 GB of Random Access Memory (RAM) to support the scanner.

    • The server should have at least 20 GB of storage capacity for temporarily storing scanned data.

  • Operating System and Libraries

    • Linux: Supported operating systems include Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, and RHEL 9 (or Rocky Linux 9). The necessary packages are available in .deb or .rpm formats.

    • Windows: Supported operating systems include Windows Server 2016, 2019, 2022, and 2025. The necessary packages are available in .msi format.

  • Network Requirements

    • Outbound (Fortanix On-premises Scanner → External Services)

      The Fortanix On-premises Scanner must be allowed to make outgoing connections to:

      • armor.fortanix.com on port 443

      • Databases on their configured ports

      • The following Internet Protocol (IP) range to communicate back to Fortanix Key Insight:

        • 216.180.120.0/24

        IP whitelisting is not mandatory. It is required only if your on-premises environment enforces outbound firewall restrictions.

    • Inbound (File System Scanner Agent → Fortanix On-premises Scanner)

      The Fortanix On-premises Scanner must be reachable from the File System Scanner Agent:

      • It must accept inbound connections from the File System Scanner Agent’s IP on the configured port (for example, 8080 or 1443).

      • Firewall or security group rules must allow this traffic.

      • The service must bind to 0.0.0.0 or its external or private IP, not just 127.0.0.1.

    NOTE

    Although inbound connectivity is required, the Fortanix On-premises Scanner itself does not expose any ports externally.

  • Configuration File

    The Fortanix On-premises Scanner requires a configuration file that includes a list of databases, source code, containers, and file systems with their corresponding credentials, as well as the Fortanix DSM on-premises credentials. This configuration file is in plain text, and it is your responsibility to secure the file and its credentials.

  • Mixed Mode Authentication: Before starting the scan, ensure that Mixed Mode authentication is enabled in MSSQL if you are using Windows Authentication.

    Perform the following steps to enable the Mixed Mode:

    1. Open Microsoft SQL Server Management Studio (SSMS).

    2. Right-click the server’s name and select Properties.

    3. Navigate to the Security page.

    4. Set Server authentication to SQL Server and Windows Authentication mode.

    5. Click OK.

    Figure 2: Enable Mixed Mode authentication in MS SQL
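
The following host preflight is an added example, not Fortanix code. It audits the ownership and mode of the plaintext configuration file, classifies the scanner's listen address against the inbound requirement, and picks out firewall-denied destinations that fall in the Key Insight IP range. It assumes a Linux host; the file name, sample addresses, and function names are hypothetical.

```python
import ipaddress
import os
import stat

KEY_INSIGHT_NET = ipaddress.ip_network("216.180.120.0/24")  # range listed in 5.1

def audit_config_file(path, expected_uid=None):
    """Findings for the plaintext credentials file; an empty list means OK."""
    st = os.lstat(path)  # lstat, so a symlink is reported instead of followed
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    uid = os.getuid() if expected_uid is None else expected_uid
    if st.st_uid != uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):o} allows group/other access")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append(f"{path}: parent directory is world-writable")
    return findings

def audit_bind_address(addr):
    """Classify the scanner's listen address against the inbound requirement."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "unreachable: loopback only, the agent cannot connect"
    if ip.is_unspecified:
        return "reachable: all interfaces, limit the port to the agent's IP in the firewall"
    return "reachable: single interface"

def denied_key_insight_egress(denied_ips):
    """From firewall-denied destination IPs, return those in the Key Insight range."""
    return [ip for ip in denied_ips if ipaddress.ip_address(ip) in KEY_INSIGHT_NET]

if __name__ == "__main__":
    import tempfile
    cfg = os.path.join(tempfile.mkdtemp(), "scanner-config.example")  # hypothetical name
    with open(cfg, "w") as fh:
        fh.write("password = constructed-sample\n")  # constructed content
    os.chmod(cfg, 0o644)
    print(audit_config_file(cfg))  # reports the 644 mode
    os.chmod(cfg, 0o600)
    print(audit_config_file(cfg))  # no findings
    for addr in ("127.0.0.1", "0.0.0.0", "10.0.0.5"):  # constructed addresses
        print(addr, "->", audit_bind_address(addr))
    print(denied_key_insight_egress(["216.180.120.17", "198.51.100.9"]))
```

Run it as the account that runs the scanner, or pass that account's UID as `expected_uid`.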

5.2 Select Connection Type

Perform the following steps to select the on-premises connection type:

  1. On the Select Connection Type step, select the On-Premises Connections option.

  2. Click NEXT.

    Figure 3: Access On-Premises Connections

NOTE

You can also add an on-premises connection by clicking ADD ON-PREMISES SCANNER in the top-right corner of the ON-PREMISES tab on the Connections page.

5.3 Add On-premises Scanner

Perform the following steps to add an on-premises scanner on the Add On-Premises Scanner step:

  1. Scanner name: Enter a name for your on-premises connection.

  2. Download, install, and configure the Fortanix On-premises Scanner to scan resources, certificates, keys, and cryptographic assets across various on-premises infrastructures, including file systems, databases, containers, and source code.

    • Download the Fortanix on-premises scanner package for Databases, Source Code, Containers, and File System infrastructure types.

      For more information on how Fortanix Key Insight integrates with the Fortanix On-premises Scanner for different infrastructure types, refer to the following:

    • Download both the Fortanix on-premises scanner package and, depending on your operating system, the File system scanner agent package - Windows OS or the File system scanner agent package - Linux OS for the File System infrastructure type.
      For more information on how Fortanix Key Insight integrates with the Fortanix On-premises Scanner and the File System Scanner Agent, refer to File System Scanning Architecture.

  3. I have downloaded and installed the Scanner package: Select the check box to confirm the scanner installation.

  4. Click NEXT.

Figure 4: Configure an on-premises connection

5.4 Add Fortanix Key Insight Policy

The Fortanix Key Insight System Defined Policy is selected by default on the Key Insight Policy step. This policy is designed to facilitate the scanning of keys and services based on predefined key sizes and permitted operations, ensuring compliance with standard security configurations.

Click NEXT to proceed.

Figure 5: Select Key Insight policy

Additionally,

  • Click ADD POLICY to add a new user-defined policy to the policy center.

  • Click to copy and modify a system-defined policy, converting it into a user-defined policy.

For more information on Fortanix Key Insight policies and features, refer to Cryptographic Policy Management.

NOTE

If you change or update the policy instead of the System Defined Policy, you must Rescan the on-premises connection to apply the new policy.

5.5 Select External Key Source

On the Select External Key Source step, you can select an external key source, such as Fortanix DSM (SaaS or On-premises), to integrate with Fortanix Key Insight for key correlation.

Perform the following steps:

  1. Select any of the following options:

    • Yes, connect now: Selecting this option allows you to add the external key source for your on-premises connection to correlate keys using the ADD EXTERNAL KEY SOURCE feature. For more information, refer to Getting Started With External Key Source Connection. After adding the Fortanix DSM connection, select it from the list.

      Figure 6: Add external key source

    • No, I’ll connect later: Selecting this option allows you to onboard the on-premises connection without adding an external key source. You can add it later if needed.

      Figure 7: Proceed without an external key source

  2. Click ADD SCANNER & GENERATE API KEY to add the Fortanix On-premises Scanner using the generated API key. You authenticate with Fortanix Key Insight using this API key.

    NOTE

    The Fortanix On-premises Scanner polls the Fortanix Key Insight platform every 15 seconds to check for any new commands or scan results. The frequent polling ensures that the scanner is always up to date with the latest commands and can act on them promptly.

  3. In the API Key Details dialog box, click COPY API KEY to copy the API key value. This value is used to authenticate between the Fortanix On-premises Scanner and Fortanix Key Insight.

  4. Close the dialog box. The new on-premises connection appears on the ON-PREMISES tab on the Connections page.

    The CONNECTION STATUS column displays one of the following statuses:

    • Connected: The Fortanix On-premises Scanner package has been successfully added, and all keys and resources have been scanned without issues.

    • Pending: The Fortanix On-premises Scanner package has been added, but resources are still pending. For on-premises connections in this state:

      • You must use the generated API key to connect with Fortanix Key Insight.

      • To begin scanning, you need to add the resources after establishing the connection.

    • Disconnected: The Fortanix On-premises Scanner package is connected, but the session has been terminated. For on-premises connections that are disconnected, you will need to restart the scanner to re-establish the connection.

  5. If the scanner is successfully connected, you can access the scanned data for an on-premises connection on the Fortanix Key Insight Overview page.

    NOTE

    After onboarding the on-premises connection,

    • Users with the Account Administrator and Group Administrator roles can manage (edit, delete, rescan, view details, view, copy and regenerate an API key) the connection from the Connections page under the ON-PREMISES tab.

      • Deleting the on-premises connection cannot be undone.

      • The RESCAN option is available only when the on-premises connection status is 'Connected'. The supported status values are Connected, Pending, or Disconnected.

      • On the View Details page,

        • Click SHOW API KEY to copy the API key, if required.

        • Click REGENERATE API KEY to modify the current API key details if the existing API key is no longer suitable for the on-premises connection.

        Figure 8: View on-premises connection details

    • You can download the required scanner packages using the DOWNLOAD PACKAGE option, if not already downloaded, to add and scan keys and resources.

    • You can switch the region at any time using the region switcher drop-down located on the top navigation bar of the connection UI. When the region is changed, the UI updates automatically to show the data, connections, and scan results for that region.

    • A group with the same name will be created on the Fortanix IAM Groups page. For more information, refer to Fortanix Armor Identity and Access Management-IAM.

6.0 Supported Cryptographic Elements Across On-premises Infrastructure Types

After an on-premises connection is successfully onboarded, you can access Fortanix Key Insight Overview and other pages to view all scanned on-premises resources, certificates, keys, and cryptographic assets.

The Overview UI consolidates discoveries from multiple infrastructure types, including file systems, databases, containers, and source code repositories.

NOTE

For on-premises connections, the left navigation panel displays Resources instead of Services.

For information on the UI features for on-premises infrastructure types, refer to On-premises Connection - User Interface Components.

The following table highlights which cryptographic elements are supported across different on-premises infrastructure types:

| On-premises Infrastructure Type | Keys | Resources | Certificates | Cryptographic Assets |
| --- | --- | --- | --- | --- |
| Databases | ✔ | ✔ | X | X |
| File Systems | ✔ | ✔ | ✔ | ✔ |
| Source Code | X | ✔ | X | ✔ |
| Containers | X | ✔ | X | ✔ |

Here,

  • ✔ indicates the cryptographic element is supported.

  • X indicates the cryptographic element is not supported.

For more information on each on-premises infrastructure type, refer to Infrastructure Types.

7.0 Troubleshooting

For information about common issues and troubleshooting steps when configuring and running Fortanix Key Insight in on-premises environments, refer to On-premises Connection Troubleshooting.
