Major Components
Entrust KeyControl Vault® provides encryption and key management for virtual machines located in data centers or private, public, or hybrid clouds. Entrust KeyControl Vault works with:
- VMware vSphere
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Microsoft Azure
- IBM Bluemix
Entrust KeyControl Vault consists of two main components:
- Entrust KeyControl Vault (KeyControl Vault)—KeyControl Vault stores encryption keys, policies, and configuration for any number of virtual machines with the Entrust DataControl Policy Agent installed. You can configure KeyControl Vault directly through the browser-based KeyControl webGUI using HTTPS, or remotely through the hicli command line interface (CLI) or a set of REST-based APIs.

  You can install multiple KeyControl Vault nodes in an active-active cluster to provide load balancing and high availability support. Because this is an active-active cluster, you can make changes to the settings on any KeyControl Vault node in the cluster and those changes are immediately reflected on all KeyControl Vault nodes in the cluster.
- Entrust DataControl Policy Agent (Policy Agent)—A software module that runs inside Windows and most Linux operating systems and provides encryption of virtual disks, filesystems, and individual files. All VMs that have the Policy Agent installed can also securely share encrypted files and disks as long as those VMs are registered with the same Cloud VM Set.

  You must install a copy of the Policy Agent on each VM you want to encrypt with DataControl.
The following figure provides a high-level view of the main architectural components of Entrust KeyControl Vault.
