Major Components
Entrust Cryptographic Security Platform Vault® provides encryption and key management for virtual machines located in data centers or private, public, or hybrid clouds. Entrust Cryptographic Security Platform Vault works with:
- VMware vSphere
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Microsoft Azure
Entrust Cryptographic Security Platform Vault consists of two main components:
- Entrust Cryptographic Security Platform Vault (Cryptographic Security Platform Vault)—Cryptographic Security Platform Vault stores encryption keys, policies, and configuration for any number of virtual machines with the Entrust Policy Agent installed. You can configure Cryptographic Security Platform Vault directly through one of the browser-based webGUIs using HTTPS, or remotely through the hicli command line interface (CLI) or a set of REST-based APIs.
  You can install multiple Cryptographic Security Platform Vault nodes in an active-active cluster to provide load balancing and high availability support. Because this is an active-active cluster, you can make changes to the settings on any Cryptographic Security Platform Vault node in the cluster and those changes are immediately reflected on all Cryptographic Security Platform Vault nodes in the cluster.
- Entrust Policy Agent (Policy Agent)—A software module that runs inside Windows and most Linux operating systems and provides encryption of virtual disks, filesystems, and individual files. All VMs that have the Policy Agent installed can also securely share encrypted files and disks as long as those VMs are registered with the same Cloud VM Set.
You must install a copy of the Policy Agent on each VM that you plan to use with the Cryptographic Security Platform Vault for Databases or the Cryptographic Security Platform Vault for VM Encryption.
The following figure provides a high-level view of the main architectural components of Entrust Cryptographic Security Platform Vault.
