Major Components
Entrust KeyControl® provides encryption and key management for virtual machines located in data centers or private, public, or hybrid clouds. Entrust KeyControl works with:
- VMware vSphere
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Microsoft Azure
Entrust KeyControl consists of two main components:
- Entrust KeyControl (KeyControl)—KeyControl stores encryption keys, policies, and configuration for any number of virtual machines with the Entrust KeyControl Policy Agent installed. You can configure KeyControl directly through one of the browser-based webGUIs using HTTPS, or remotely through the hicli command line interface (CLI) or a set of REST-based APIs.
  You can install multiple KeyControl nodes in an active-active cluster to provide load balancing and high availability support. Because this is an active-active cluster, you can make changes to the settings on any KeyControl node in the cluster and those changes are immediately reflected on all KeyControl nodes in the cluster.
- Entrust KeyControl Policy Agent (Policy Agent)—A software module that runs inside Windows and most Linux operating systems and provides encryption of virtual disks, filesystems, and individual files. All VMs that have the Policy Agent installed can also securely share encrypted files and disks as long as those VMs are registered with the same Cloud VM Set.
You must install a copy of the Policy Agent on each VM that you plan to use with the KeyControl Vault for Databases or the KeyControl Vault for VM Encryption.
The following figure provides a high-level view of the main architectural components of Entrust KeyControl.
