Entrust Hardened OS

The base of every KeyControl node is the Entrust-hardened version of Oracle Linux, a locked-down version of the operating system that has no run-time login/SSH access to the system. This prevents tampering or attempts to access clear-text data and/or encryption keys. Each KeyControl node can be installed as a virtual machine.

The main features are:

  • An ISO, OVA, AMI (Amazon Web Services marketplace), VHD (Microsoft Azure marketplace), or Google Cloud Platform Image that supports installation of a KeyControl node, from which the Entrust KeyControl Policy Agent can be downloaded.
  • Optional automatic mirroring of the root partition to provide high availability for KeyControl servers, preventing downtime from disk failures.
  • Encryption of the Entrust software on the installation media, to prevent tampering.
  • Whitelisting of all major system software, to protect it from tampering.
  • No login or SSH access to KeyControl, preventing key snooping or clear-text data snooping.
  • Minimal OS software installed, with industry-standard lock-down capabilities built in.
  • Ability to extract debug information via the webGUI or through restricted support access. The debug information does not contain any sensitive data or encryption keys.
  • GUI-based extraction of log / support information.
  • Built-in VMtools.