The vSphere 6.5 platform brings some much-needed and much-requested features. The new built-in ability to encrypt virtual machines at the hypervisor level is for sure a major plus for security hardening.
VMware has noted a few advantages of its approach to encryption:
- The encryption happens via policy, which can easily be applied to numerous VMs in one go.
- Encryption happens at the hypervisor level and not in the virtual machine, so there are no special requirements for the datastore or for the operating system within the virtual machine.
Enabling the encryption policy is as easy as the following:
(Note: you must be running a KMS. My demo uses the HyTrust KeyControl KMS.)
Select a powered off virtual machine:
Right-click the virtual machine and go to VM Policies > Edit VM Storage Policies…
From the drop-down menu that is presented, select VM Encryption Policy, hit "Apply all", which will encrypt the VM folder and disks, and then hit “OK”.
You can watch the recent task as it completes.
Over on VM storage policies you will now see the storage policy is compliant for VM Encryption.
When you edit the virtual machine and check VM Options, you will see that Encrypted vMotion has been set to Required.
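To check the same end state across many VMs instead of one at a time in the client, here is an added PowerShell example (not from the original post or from VMware). It reads the vSphere 6.5 API properties `config.keyId`, `config.migrateEncryption` and each disk's `backing.keyId`; the function names, the sample VM names and the `kms-demo` provider id are constructed for illustration, and live use assumes PowerCLI with an existing `Connect-VIServer` session.

```powershell
# Added example: per-VM encryption report. Works on Get-VM output or on
# objects of the same shape (see the constructed sample below).
function Get-VMEncryptionState {
    param([Parameter(Mandatory, ValueFromPipeline)] $VM)
    process {
        $cfg   = $VM.ExtensionData.Config
        # capacityInKB is a VirtualDisk property, so this keeps only disks.
        $disks = @($cfg.Hardware.Device | Where-Object { $null -ne $_.CapacityInKB })
        # A disk with no backing.keyId is stored in cleartext.
        $clear = @($disks | Where-Object { $null -eq $_.Backing.KeyId })
        [pscustomobject]@{
            Name             = $VM.Name
            HomeEncrypted    = $null -ne $cfg.KeyId          # VM folder / home files
            KeyProvider      = $cfg.KeyId.ProviderId.Id      # KMS cluster id, if any
            Disks            = $disks.Count
            UnencryptedDisks = $clear.Count
            EncryptedVMotion = $cfg.MigrateEncryption        # disabled | opportunistic | required
            # Flag partly encrypted VMs and VMs that may migrate in cleartext.
            NeedsReview      = ($null -eq $cfg.KeyId) -or ($clear.Count -gt 0) -or
                               ($cfg.MigrateEncryption -ne 'required')
        }
    }
}

# Constructed sample data (hypothetical helper) so the report runs without vCenter.
function New-SampleVM($Name, $KeyId, $Migrate, $DiskKeys) {
    $key = if ($KeyId) {
        [pscustomobject]@{ KeyId = $KeyId; ProviderId = [pscustomobject]@{ Id = 'kms-demo' } }
    }
    $dev = foreach ($k in $DiskKeys) {
        [pscustomobject]@{ CapacityInKB = 16777216; Backing = [pscustomobject]@{ KeyId = $k } }
    }
    $config = [pscustomobject]@{
        KeyId             = $key
        MigrateEncryption = $Migrate
        Hardware          = [pscustomobject]@{ Device = @($dev) }
    }
    [pscustomobject]@{ Name = $Name; ExtensionData = [pscustomobject]@{ Config = $config } }
}

$sample = @(
    New-SampleVM 'app01' 'key-1' 'required'      @('key-1', 'key-1')  # fully encrypted
    New-SampleVM 'app02' 'key-2' 'required'      @('key-2', $null)    # one disk left in cleartext
    New-SampleVM 'app03' $null   'opportunistic' @($null)             # policy never applied
)
$sample | Get-VMEncryptionState | Format-Table -AutoSize

# Live use inside a Connect-VIServer session:
#   Get-VM | Get-VMEncryptionState | Where-Object NeedsReview
```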
I'm going to do another write-up soon on standing up a KMS with HyTrust (on the HCL) and how to incorporate it into vCenter.