Enable 6.5 VM Encryption

With the advent of the 6.5 vSphere platform comes some much needed/requested features. The new built in ability to encrypt virtual machines at the hypervisor level is for sure a major plus towards the hardening of security.

VMWare has noted a few advantages to their application of encryption, noted below:

  • The encryption happens via policy which can be easily applied to numerous vms in one go.
  • Encryption happens at the hypervisor level and not in the virtual machine, so there are no special needs for the datastore or operating system within the virtual machine


Enabling the encryption policy is as easy as the following:

(Note, you must be running a KMS. My demo is with the HYTRUST KeyControl KMS)

Select a powered off virtual machine:

Screen Shot 2017-05-09 at 8.42.30 PM


Right click the virtual machine and got to VM Policies > Edit VM Storage Policies…

Screenshot at May 09 20-45-45


From the presented drop down menu select VM Encryption Policy > Hit apply all, which will then encrypt the vm folder and disks, and then hit “OK”

Screenshot at May 09 20-50-07

Screenshot at May 09 20-51-50

You can watch the recent task as it completes.




Over on VM storage policies you will now see the storage policy is compliant for VM Encryption.



When you edit the virtual machine and check vm options, you will then see that encrypted vmotion has been set to required.



Im going ti do another write up soon on standing up a KMS with Hytrust (on the HCL) and how to incorporate it into vcenter.

Scroll to Top