Keycontrol Ds


Entrust KeyControl

Multi-cloud key management for encrypted workloads

Managing the security of workloads in a virtualized environment is a complex challenge for administrators.

Encrypting workloads significantly reduces your risk of data breaches. However, managing the keys for tens of thousands of encrypted workloads is nontrivial. To ensure strong data security, keys have to be rotated frequently, and transported and stored securely. Along with the high demand for strong data security, there is an ever-increasing business need to meet regulatory requirements for Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), National Institute of Standards and Technology (NIST) 800-53, and General Data Protection Regulation (GDPR) compliance in virtual environments.

With Entrust KeyControl, businesses can easily manage encryption keys at scale. Using Federal Information Processing Standards (FIPS) 140-2 certified encryption algorithms, KeyControl simplifies management of encrypted workloads by automating the lifecycle of encryption keys; including key storage, backup, distribution, rotation, and key revocation.

HIGHLIGHTS
• Deliver enterprise scale and availability, supporting Key Management Interoperability Protocol (KMIP)-compatible encryption agents
• Upgradable to Entrust DataControl for complete, multi-cloud workload encryption
• Provides FIPS 140-2 Level 1 certified assurance with optional upgrade to FIPS 140-2 Level 3 through seamless integration with Entrust nShield hardware security module (HSM)

[Figure: architecture diagram. Labels: Virtualization Platforms, Data Management, Database, Storage; Key Management Interoperability Protocol (KMIP); Orchestration and encryption; Key Management Server; KeyControl Cluster]

Learn more about KeyControl at entrust.com


KEY FEATURES & BENEFITS

Universal key management for KMIP clients
KeyControl is a scalable and feature-rich KMIP server that simplifies key lifecycle management for encrypted workloads. It serves as a KMS for VMware vSphere and vSAN encrypted clients, and a wide range of other KMIP compatible products such as NetApp, Nutanix, Pivot3, DB2, MySQL and MongoDB.

KMIP multi-tenancy support
Allows administrators to isolate different tenant environments for security and compliance.

Enterprise scalability and performance
KeyControl manages the encryption keys for all of your virtual machines and encrypted data stores and can scale to support thousands of encrypted workloads in large deployments. Up to eight key managers can be added to a cluster.

Enhanced multi-cloud workload encryption
KeyControl is easily upgraded to Entrust DataControl, which enables multi-cloud workload encryption and policy-based key management. It ensures policies are enforced, even when moving across cloud platforms – from installation, upon boot, until each workload is securely decommissioned.

Technical specifications
• VMware certified KMS for vSphere 6.5, 6.7, and 7.0; vSAN 6.6, 6.7, and 7.0; and vSphere Trust Authority 7.0
• Supports KMIP 1.1 – 3.0
• High availability (HA) support with active-active cluster (up to 8 KMS servers per cluster)
• FIPS 140-2 Level 1 Certified
• FIPS 140-2 Level 3 compliance via Entrust nShield HSM on premises or as a service
• Enables the use of Virtual Trusted Platform Module (vTPM) cryptoprocessors in your VMs
• Supports the use of TLS 1.2 between all registered clients

Entrust KeyControl is part of a suite of data encryption, multi-cloud key management, and virtual machine and containerized workload security policy compliance products. See table on next page for details.

Platform support
• Private cloud platforms: vSphere, vCloud Air
(OVH), VCE, VxRail, Pivot3, NetApp, Nutanix
• Public cloud platforms: AWS, IBM Cloud, Microsoft
Azure, VMware Cloud (VMC) on AWS, Google
Cloud Platform (GCP)
• Hypervisor support: ESXi, Xen, AWS, Azure, KVM,
Google Cloud Platform

Operating system support
CentOS, Red Hat Enterprise Linux, Ubuntu, SUSE Linux
Enterprise Server, Oracle Linux, AWS Linux, Windows
Server Core 2012 and 2016, Windows Server 2012 and
2016, Windows 7, 8, 8.1, and 10

Deployment media
ISO, OVA (Open Virtual Appliance), AMI (Amazon
Web Services marketplace), or VHD (Microsoft Azure
marketplace)


| ENTRUST PRODUCT | DESCRIPTION | LICENSING/DEPLOYMENT |
| --- | --- | --- |
| KeyControl BYOK | For generating and bringing your own cryptographic keys to AWS, Microsoft Azure, or Google Cloud Platform | Licensed standalone or can be deployed with KeyControl and/or DataControl |
| KeyControl | Enterprise encryption key management for KMIP-enabled workloads | Licensed standalone or can be deployed with KeyControl BYOK and/or DataControl |
| DataControl | For fine-grained, agents-based control and encryption key management of virtual machine encryption in multi-cloud environments | Licensed standalone or can be deployed with KeyControl and/or KeyControl BYOK |
| CloudControl | For automated workload security policy enforcement and compliance in virtualized and containerized environments protecting sensitive data against misconfigurations in the cloud. | |

Learn more at entrust.com

Global Headquarters
1187 Park Place, Minneapolis, MN 55379
U.S. Toll-Free Phone: 888 690 2424
International Phone: +1 952 933 1223

Entrust, nShield, and the hexagon logo are trademarks, registered trademarks, and/or service marks of Entrust Corporation in the U.S. and/or other countries. All other brand or product names are the property of their respective owners. Because we are continuously improving our products and services, Entrust Corporation reserves the right to change specifications without prior notice. Entrust is an equal opportunity employer.
© 2022 Entrust Corporation. All rights reserved. HS23Q2-keycontrol-ds
