Encrypt VMware Site Disk
Objective
This document provides instructions on how to configure VMware CE Site Virtual Machine Disk (VMDK) encryption using vSphere client. This helps to keep the data on disk encrypted at rest, aiding in securely managing your CE.
Note: To learn more about VMware disk encryption, see Encryption in Your vSphere Environment.
Prerequisites
-
VMware vSphere Hypervisor (ESXi) 7.0 or later. The examples in this document are based on version 7.0.0.
-
A vSphere Key Provider is required to be configured. See vSphere Key Provider for configuration instructions.
Encrypt CE Disk
You can enable disk encryption either during the VM creation or after the VM is created. Follow the chapters below for instructions on both procedures.
Enable Disk Encryption During VMware VM Creation
-
During VM creation, as described in the VMware Site Creation document, for storage selection, select
Encrypt this virtual machine (Requires Key Management Server). -
Select a policy for the
VM Storage Policyfield. -
Click
Next.
Note: By default, the
VM Storage Policyis set to a default data storage policy. Click on it to see a drop-down list with the policies you created.
Enable Disk Encryption for Existing VMware VM using vSphere
Step 1: Power off the VM.
-
Log in using your vSphere client.
-
Right-click on your virtual machine, and then select
Power off.
Step 2: Configure storage policies to enable disk encryption.
- Click the
Configuretab.
Figure: Open Configure Tag
- Click
Policies.
Figure: Open Policies
- Click
EDIT VM STORAGE POLICIES.
Figure: Edit Storage Policies
- Select your Encryption policy under
VM storage policy. The default selection isVM Encryption Policy.
Figure: Select Storage Policies
- Click
OK.
Figure: Click OK
Step 3: Power on the VM.
-
Log in using your vSphere client.
-
Right-click on your virtual machine, and then select
Power on.