Encrypt VMware Site Disk
Objective
This document provides instructions on how to configure a VMware CE Site Virtual Machine Disk (VMDK) encryption using vSphere client. This helps to keep the data on disk encrypted at rest, aiding in securely managing your CE.
Note: To learn more about VMWare disk encryption, see Encryption in Your vSphere Environment.
Prerequisites
- VMware vSphere Hypervisor (ESXi) 7.0 or later. The examples in this document are based on version 7.0.0.
- A vSphere Key Provider is required to be configured. See vSphere Key Provider for configuration instructions.
Encrypt your CE Disk
You can enable disk encryption either during the VM creation or after VM is created. Follow the chapters below for instructions on both procedures.
Enable Disk Encryption During VMware VM Creation
During the VM creation as described in the VMware Site Creation document, during storage selection, select Encrypt this virtual machine (Requires Key Management Server), select a policy for the VM Storage Policy field. Click Next.
Note: By default, the
VM Storage Policyis set to a default data store policy. Click on it to see a drop-down list with the policies you created.
Enable Disk Encryption to Existing VMware VM using vSphere
Step 1: Power Off the VM.
Login using your vSphere client, right-click on your virtual machine, and select Power off.
Step 2: Configure storage policies to enable disk encryption.
-
Click on the
Configuretab.
Figure: open configure tag
-
Click
Policies
Figure: open policies
- Click
EDIT VM STORAGE POLICIES
Figure: edit storage policies
- Select your Encryption policy under
VM storage policy. The default selection isVM Encryption Policy.
Figure: select storage policies
- Click
OK.
Figure: click ok
Step 3: Power On the VM
Login using your vSphere client, right-click on your virtual machine, and select Power on.