Installation Overview

This document the standard installation procedures for HyTrust KeyControl and the HyTrust DataControl Policy Agent. For installation on Amazon Web Services, see KeyControl and DataControl in Amazon Web Services. For installation on Azure, see KeyControl and DataControl in Microsoft Azure.

To configure a basic KeyControl cluster and register one or more VMs with that cluster, you need to install KeyControl on one or more servers and then install the Policy Agent on each VM you want to register. To do so:

Step	Description	Notes
1	Verify that the systems you want to use meet the basic system requirements.	See System Requirements.
2	Install the KeyControl software on the target system. Important: Make sure that all KeyControl nodes reside on devices that are not encrypted. KeyControl has its own internal encryption, and it must be available to provide the keys for the encrypted devices before the encrypted devices can be accessed.	If you want to use VMware vCenter to deploy KeyControl using an OVA template, see KeyControl OVA Installation. If you want to install KeyControl on an existing VM, see KeyControl ISO Installation.
3	Configure the first KeyControl node and initialize the KeyControl webGUI.	For OVA, see Configuring the First KeyControl Node (OVA Install). For ISO, see Installing the First KeyControl Node from an ISO Image.
4	If desired, install additional KeyControl nodes and join them to the cluster. The number of nodes you can install is dictated by your KeyControl license.	For OVA, see KeyControl OVA Installation followed by Adding a New KeyControl Node to an Existing Cluster (OVA Install). For ISO, see Installing a New KeyControl Cluster Node from an ISO Image.
5	Optionally, create a KeyControl user with Cloud Admin privileges.	The Policy Agent installation process requires you to specify a KeyControl user account with Cloud Admin privileges. While you can use the default `secroot` account for this purpose, you may want to create a separate account with limited permissions instead of exposing the `secroot` password on the VM. For details, see Creating a Cloud Admin User Account.
6	Create at least one Cloud VM Set into which you can put the VMs you plan to encrypt.	A Cloud VM Set is required when you register the Policy Agent with KeyControl. For details, see Creating a Cloud VM Set.
7	Install the HyTrust DataControl Policy Agent on each VM that you want to encrypt.	For Linux, see Linux Policy Agent Installation. For Windows, see Windows Policy Agent Installation.

Note: A 30-day license key is shipped with the product and will be activated when you install and configure the first KeyControl node. This trial license allows you to install up to two KeyControl nodes, encrypt up to 5 virtual machines, and use all product features. For details about managing your licenses, see Upgrading Your License.