vSphere 6.5 introduces the several latest features and improvements including one of the notable feature is the encrypted VMs. This guide will walk you through the steps configure and create encrypted VMs in vSphere 6.5.
Configuring Encrypted VMs in vSphere 6.5
To begin deploying encrypted VMs, first you need to add vCenter to a Key Management Server. To accomplish this, navigate to vCenter server inventory list, Click Manage > Key Management Servers > Add Server.
Provide the information for your cluster name, server alias, server address, and server port.
Here you will see a security dialog prompts you to trust the certificate.
Once trusted, you can see green check boxes next to the Certificate status as show in image below.
Under KM Servers, Set Cluster as default
Creating encryption Storage Policy
Add a storage policy.
Provide Name for the policy.
Under Common Rules tab, Tick "Use common rules in the VM storage policy". Click Add Component, Click Encryption.
Under the Rule-Set 1 tab, select the vmwarevmcrypt then Click Add rule, Click vmcrypt
Leave the "Allow I/O filters before encryption" to false.
Uncheck the "Use rule-sets in the storage policy".
The following screen shows the storage compatibility.
Click Finish to create the encryption storage policy.
Here you can see EncryptionPolicy is now listed in the available VM storage policies.
Creating encrypted VM
Under Select a creation type, select Create a new virtual machine. Click Next
Provide the VM name and select the folder where you want to store VM
Select a compute resource
Select your Encryption Policy from the VM storage policy drop down.
Leave the compatibility with ESXi 6.5 and later. Click Next
Choose your guest operating system family and version. Click Next
When you expand the hard disk for the VM, notice how the VM storage policy shows the Encryption Policy.
Another useful feature is the Encrypted vMotion. You can configure setting here to determine how the VM handles vMotion to another host.
There are three options here:
- Disabled – Do not use encrypted vMotion
- Opportunistic – Use encrypted vMotion if the destination host supports it, otherwise use normal vMotion
- Required – The vMotion process with this VM must use encrypted vMotion. If the vMotion operation doesn’t support encryption on the destination host, the vMotion operation will fail.
Choose your option and click Next
I hope this guide was useful to configure and create encrypted virtual machines within the vSphere 6.5.