Data Encryption Overview

This chapter describes support for encryption within individual Virtual Machines (VMs) wherever they reside (data center, private, public or hybrid clouds). For virtual machines, HyTrust's encryption works independently of the type of the hypervisor platform (Type 1, Type 2, etc.) as well as the hypervisor vendor (VMware, Microsoft, Citrix, Red Hat, etc.) and Cloud environment (Amazon AWS, ENKI, Microsoft Azure, etc.) or cloud frameworks such as OpenStack. Throughout the chapter, we will refer to the virtualized case and reference the agent being managed by KeyControl as a "VM."

Once the VM has been registered, you can manage it through the KeyControl webGUI or the hicli.

In order to encrypt a VM, complete the following tasks:

Step	Task	Description
1	Install KeyControl and configure the KeyControl cluster.	See Installation Overview.
2	If desired, create one or more custom Cloud Admin Groups in addition to the default Cloud Admin Group.	See Creating a Custom Cloud Admin Group. This step requires a KeyControl account with Security Admin privileges.
3	Create one or more users with Cloud Admin privileges and assign them to the appropriate Cloud Admin groups.	See Creating a New KeyControl-Managed User Account. This step requires a KeyControl account with Security Admin privileges.
4	Create one or more Cloud VM Sets.	See Creating a Cloud VM Set. This step requires a KeyControl account with Cloud Admin privileges.
5	Install the HyTrust DataControl Policy Agent on the VM you want to encrypt and register it with KeyControl.	For Linux, see Linux Policy Agent Installation. For Windows, see Windows Policy Agent Installation.
6	Encrypt the data on the VM.	See one of the following: Linux Encryption Overview. Windows Encryption Prerequisites. Linux Root, Swap, and System Device Encryption. Windows Boot Drive Encryption.