Storing critical data in the cloud should come with a guarantee of security, and the data must remain available at rest, in motion, and in use. Several alternatives exist for storage services, but data confidentiality solutions for cloud IaaS are still immature. The architecture presented here integrates cloud Infrastructure-as-a-Service (IaaS) with data confidentiality. It allows geographically distributed clients to connect directly to an encrypted cloud IaaS. The proposed system eliminates intermediate proxies, which would otherwise limit the availability and scalability properties that are intrinsic to cloud-based solutions.