Major Components
HyTrust DataControl® provides encryption and key management for virtual machines located in data centers or private, public, or hybrid clouds. DataControl works with:
- VMware vSphere
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Microsoft Azure
- IBM Bluemix
DataControl consists of two main components:
- HyTrust KeyControl (KeyControl) — KeyControl stores encryption keys, policies, and configuration for any number of virtual machines with the HyTrust DataControl Policy Agent installed. You can configure KeyControl directly through the browser-based KeyControl webGUI using HTTPS, or remotely through the hicli command line interface (CLI) or a set of REST-based APIs.

  You can install multiple KeyControl nodes in an active-active cluster to provide load balancing and high availability support. Because this is an active-active cluster, you can make changes to the settings on any KeyControl node in the cluster and those changes are immediately reflected on all KeyControl nodes in the cluster.
- HyTrust DataControl Policy Agent (Policy Agent) — A software module that runs inside Windows and most Linux operating systems and provides encryption of virtual disks, filesystems, and individual files. All VMs that have the Policy Agent installed can also securely share encrypted files and disks as long as those VMs are registered with the same Cloud VM Set.

  You must install a copy of the Policy Agent on each VM you want to encrypt with DataControl.
The following figure provides a high-level view of the main architectural components of HyTrust DataControl.
