diff --git a/hosted_control_planes/index.adoc b/hosted_control_planes/index.adoc
index 061850f507..c60f50f24e 100644
--- a/hosted_control_planes/index.adoc
+++ b/hosted_control_planes/index.adoc
@@ -10,6 +10,12 @@ toc::[]
 
 include::modules/hosted-control-planes-concepts-personas.adoc[leveloffset=+1]
 include::modules/hosted-control-planes-overview.adoc[leveloffset=+1]
+include::modules/hcp-ocp-differences.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../security/encrypting-etcd.adoc#encrypting-etcd[Enabling etcd encryption]
+
 include::modules/hcp-mce-acm-relationship-intro.adoc[leveloffset=+1]
 include::modules/hosted-control-planes-version-support.adoc[leveloffset=+1]
 
diff --git a/modules/hcp-ocp-differences.adoc b/modules/hcp-ocp-differences.adoc
new file mode 100644
index 0000000000..6a1929064f
--- /dev/null
+++ b/modules/hcp-ocp-differences.adoc
@@ -0,0 +1,168 @@
+// Module included in the following assemblies:
+//
+// * hosted_control_planes/index.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="hcp-ocp-differences_{context}"]
+= Differences between {hcp} and {product-title}
+
+{hcp-capital} is a form factor of {product-title}. Hosted clusters and the stand-alone {product-title} clusters are configured and managed differently. See the following tables to understand the differences between {product-title} and {hcp}:
+
+
+[id="cluster-creation_{context}"]
+== Cluster creation and lifecycle
+
+[cols="2a,2a",options="header"]
+|===
+
+|{product-title} |{hcp-capital}
+
+|You install a standalone {product-title} cluster by using the `openshift-install` binary or the Assisted Installer.
+|You install a hosted cluster by using the `hypershift.openshift.io` API resources such as `HostedCluster` and `NodePool`, on an existing {product-title} cluster.
+
+|===
+
+[id="cluster-configuration_{context}"]
+== Cluster configuration
+
+[cols="2a,2a",options="header"]
+|===
+
+|{product-title} |{hcp-capital}
+
+|You configure cluster-scoped resources such as authentication, API server, and proxy by using the `config.openshift.io` API group.
+|You configure resources that impact the control plane in the `HostedCluster` resource.
+
+|===
+
+[id="etcd-encryption_{context}"]
+== etcd encryption
+
+[cols="2a,2a",options="header"]
+|===
+
+|{product-title} |{hcp-capital}
+
+|You configure etcd encryption by using the `APIServer` resource with AES-GCM or AES-CBC. For more information, see "Enabling etcd encryption".
+|You configure etcd encryption by using the `HostedCluster` resource in the `SecretEncryption` field with AES-CBC or KMS for {aws-full}.
+
+|===
+
+[id="operators-and-control-plane_{context}"]
+== Operators and control plane
+
+[cols="2a,4a",options="header"]
+|===
+
+|{product-title} |{hcp-capital}
+
+|A standalone {product-title} cluster contains separate Operators for each control plane component.
+|A hosted cluster contains a single Operator named Control Plane Operator that runs in the hosted control plane namespace on the management cluster.
+
+|etcd uses storage that is mounted on the control plane nodes. The etcd cluster Operator manages etcd.
+|etcd uses a persistent volume claim for storage and is managed by the Control Plane Operator.
+
+|The Ingress Operator, network related Operators, and {olm-first} run on the cluster.
+|The Ingress Operator, network related Operators, and {olm-first} run in the hosted control plane namespace on the management cluster.
+
+|The OAuth server runs inside the cluster and is exposed through a route in the cluster.
+|The OAuth server runs inside the control plane and is exposed through a route, node port, or load balancer on the management cluster.
+
+|===
+
+[id="upgrades_{context}"]
+== Updates
+
+[cols="2a,2a",options="header"]
+|===
+
+|{product-title} |{hcp-capital}
+
+|The Cluster Version Operator (CVO) orchestrates the update process and monitors the `ClusterVersion` resource. Administrators and OpenShift components can interact with the CVO through the `ClusterVersion` resource. The `oc adm upgrade` command results in a change to the `ClusterVersion.Spec.DesiredUpdate` field in the `ClusterVersion` resource.
+|The {hcp} update results in a change to the `.spec.release.image` field in the `HostedCluster` and `NodePools` resources. Any changes to the `ClusterVersion` resource are ignored.
+
+|After you update an {product-title} cluster, both the control plane and compute machines are updated.
+|After you update the hosted cluster, only the control plane is updated. You perform node pool updates separately.
+
+|===
+
+[id="machine-config-manage_{context}"]
+== Machine configuration and management
+
+[cols="2a,2a",options="header"]
+|===
+
+|{product-title} |{hcp-capital}
+
+|The `MachineSets` resource manages machines in the `openshift-machine-api` namespace.
+|The `NodePool` resource manages machines on the management cluster.
+
+|A set of control plane machines are available.
+|A set of control plane machines do not exist.
+
+|You enable a machine health check by using the `MachineHealthCheck` resource.
+|You enable a machine health check through the `.spec.management.autoRepair` field in the `NodePool` resource.
+
+|You enable autoscaling by using the `ClusterAutoscaler` and `MachineAutoscaler` resources.
+|You enable autoscaling through the `spec.autoScaling` field in the `NodePool` resource.
+
+|Machines and machine sets are exposed in the cluster.
+|Machines, machine sets, and machine deployments from upstream {cluster-capi-operator} are used to manage machines but are not exposed to the user.
+
+|All machine sets are upgraded automatically when you update the cluster.
+|You update your node pools independently from the hosted cluster updates.
+
+|Only an in-place upgrade is supported in the cluster.
+|Both replace and in-place upgrades are supported in the hosted cluster.
+
+|The Machine Config Operator manages configurations for machines.
+|The Machine Config Operator does not exist in {hcp}.
+
+|You configure machine Ignition by using the `MachineConfig`, `KubeletConfig`, and `ContainerRuntimeConfig` resources that are selected from a `MachineConfigPool` selector.
+|You configure the `MachineConfig`, `KubeletConfig`, and `ContainerRuntimeConfig` resources through the config map referenced in the `spec.config` field of the `NodePool` resource.
+
+|The Machine Config Daemon (MCD) manages configuration changes and updates on each of the nodes.
+|For an in-place upgrade, the node pool controller creates a run-once pod that updates a machine based on your configuration.
+
+|You can modify the machine configuration resources such as the SR-IOV Operator.
+|You cannot modify the machine configuration resources.
+
+|===
+
+[id="netowrking_{context}"]
+== Networking
+
+[cols="2a,2a",options="header"]
+|===
+
+|{product-title} |{hcp-capital}
+
+|The Kube API server communicates with nodes directly, because the Kube API server and nodes exist in the same Virtual Private Cloud (VPC).
+|The Kube API server communicates with nodes through Konnectivity. The Kube API server and nodes exist in a different Virtual Private Cloud (VPC).
+
+|Nodes communicate with the Kube API server through the internal load balancer.
+|Nodes communicate with the Kube API server through an external load balancer or a node port.
+
+|===
+
+[id="web-console_{context}"]
+== Web console
+
+[cols="2a,2a",options="header"]
+|===
+
+|{product-title} |{hcp-capital}
+
+|The web console shows the status of a control plane.
+|The web console does not show the status of a control plane.
+
+|You can update your cluster by using the web console.
+|You cannot update the hosted cluster by using the web console.
+
+|The web console displays the infrastructure resources such as machines.
+|The web console does not display the infrastructure resources.
+
+|You can configure machines through the `MachineConfig` resource by using the web console.
+|You cannot configure machines by using the web console.
+
+|===