KeyControl for VMware vSAN Encryption | HyTrust

KeyControl for VMware vSAN Encryption

Key Manager for VMware vSAN from HyTrust

Secure Datastore encryption key management

With the release of vSAN , VMware introduced the ability to use encrypted datastores. This strengthens an organization’s in-depth security strategy. In the event data is compromised and falls into the wrong hands, it is useless.  And encryption also helps with industry data protection regulations, such as GDPR.

vSAN encryption requires a Key Management Server (KMS), to secure its Data Encryption Keys (DEK) with another layer of encryption: The Key Encryption Key (KEK). The key manager is, therefore, a cornerstone of the business-critical infrastructure and must be highly available, or the VMs can’t operate. vSAN environments require multiple encryption events throughout their lifecycle; frequent re-keying is part of a secure strategy. KeyControl preserves keys from all lifecycle stages, so snapshots and backups remain viable. This means scalability of the key management solution is also essential.

HyTrust KeyControl enables vSAN encryption users to easily manage their encryption keys at scale. HyTrust is the only KMS vendor that VMware invested in.  It is available as an OVA, for fast installation and configuration in VMware vCenter.


HyTrust KeyControl capabilities include:

  • VMWare Certified Key Manager Server (KMS) for vSAN 6.6
  • Enterprise-grade availability, scalability and performance
  • KeyControl can run in an active-active, high availability cluster
We have placed cookies on your device to help make this website better. By continuing to use this website you agree to our Cookie Policy.