SecureCloud provides an encryption and decryption key to a virtual machine image after its information has been evaluated against the policy rules. If the requesting instance meets the rules defined in the policies, then you can take one of the following actions on a pending key:

As part of the key request, the Runtime Agent sends the instance identity and integrity data to the SecureCloud server. It then validates data against policy settings to determine whether the request has to be approved.