Create an Encrypted Virtual Machine
The Web Services SDK provides Java and C# code to create a virtual machine. The Java code can be modified to create an encrypted virtual machine. The steps below show how to implement virtual machine encryption in the VMCreate.java sample program. The crypto property of VirtualMachineConfigSpec must be set to a CryptoSpecEncrypt that carries the encryption key, and the storage profile assigned to the virtual machine must already specify encryption. If CryptoSpec is left unset but a storage profile with encryption is assigned, and a default KMS has been configured, vCenter Server generates new keys and sets CryptoSpec itself.
To add encryption to the com.vmware.spbm.samples.VMCreate program, follow these steps:
- Import the following classes:

    import com.vmware.vim25.CryptoKeyId;
    import com.vmware.vim25.CryptoSpecEncrypt;
    import com.vmware.vim25.KeyProviderId;
    import com.vmware.vim25.VirtualDeviceConfigSpecBackingSpec;
- Declare the following variables:

    private CryptoKeyId cryptoKeyId;
    private String keyId;
    private String providerId;
- In the createVirtualDisk() function, find the following line:

    diskSpec.setOperation(VirtualDeviceConfigSpecOperation.ADD);
- In the createVirtualDisk() function, add the following code after the line you found in the previous step:

    // Request disk encryption only when both a key id and a provider id were supplied.
    if ((keyId != null) && (providerId != null)) {
        CryptoSpecEncrypt cSpec = new CryptoSpecEncrypt();
        VirtualDeviceConfigSpecBackingSpec backingSpec = new VirtualDeviceConfigSpecBackingSpec();
        cSpec.setCryptoKeyId(buildCryptoKeyId());
        backingSpec.setCrypto(cSpec);
        // The crypto spec for a disk goes on the device's backing spec.
        diskSpec.setBacking(backingSpec);
    }
- In the createVmConfigSpec() function, find the following line:

    VirtualMachineConfigSpec configSpec = new VirtualMachineConfigSpec();
- In the createVmConfigSpec() function, add the following code after the line you found in the previous step:

    // Encrypt the VM home with the same key used for the disks.
    if ((keyId != null) && (providerId != null)) {
        CryptoSpecEncrypt cryptoSpecForVMHome = new CryptoSpecEncrypt();
        cryptoSpecForVMHome.setCryptoKeyId(buildCryptoKeyId());
        configSpec.setCrypto(cryptoSpecForVMHome);
    }
- Add the following command-line options toward the end of the file:

    @Option(name = "keyid", description = "Key Id", required = false)
    public void setKeyId(String kid) {
        this.keyId = kid;
    }

    @Option(name = "providerid", description = "Cluster/Provider Id", required = false)
    public void setProviderId(String pid) {
        this.providerId = pid;
    }
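The snippets above call a buildCryptoKeyId() method that the page does not show. The following helper class is an added example, not code from the SDK sample or from VMware: it implements that method from the keyid and providerid options, applies the resulting key to both the VM home and each disk so the whole virtual machine is encrypted under one key, and checks a config spec before it is handed to CreateVM_Task. It assumes the vim25 data-object classes from the vSphere Web Services SDK are on the classpath (CryptoKeyId, KeyProviderId, CryptoSpecEncrypt, VirtualMachineConfigSpec, VirtualDeviceConfigSpec, VirtualDeviceConfigSpecBackingSpec); the class name VmEncryptionSpecs and its method names are this example's own choices.

```java
import com.vmware.vim25.CryptoKeyId;
import com.vmware.vim25.CryptoSpec;
import com.vmware.vim25.CryptoSpecEncrypt;
import com.vmware.vim25.KeyProviderId;
import com.vmware.vim25.VirtualDeviceConfigSpec;
import com.vmware.vim25.VirtualDeviceConfigSpecBackingSpec;
import com.vmware.vim25.VirtualMachineConfigSpec;

/**
 * Example helper (not part of the SDK sample). Builds the CryptoKeyId that
 * VMCreate.java's buildCryptoKeyId() is expected to return and attaches a
 * CryptoSpecEncrypt to the VM home and to each disk.
 */
public final class VmEncryptionSpecs {

    private final CryptoKeyId cryptoKeyId;

    /**
     * Same guard as the sample: encryption is requested only when both the
     * key id and the key provider (KMS cluster) id were given on the command line.
     * Supplying only one of them is treated as a configuration error rather than
     * silently creating an unencrypted VM.
     */
    public VmEncryptionSpecs(String keyId, String providerId) {
        if (keyId == null || keyId.isEmpty() || providerId == null || providerId.isEmpty()) {
            throw new IllegalArgumentException("both keyid and providerid are required for encryption");
        }
        this.cryptoKeyId = buildCryptoKeyId(keyId, providerId);
    }

    /** Equivalent of the buildCryptoKeyId() the sample calls but does not show. */
    static CryptoKeyId buildCryptoKeyId(String keyId, String providerId) {
        KeyProviderId provider = new KeyProviderId();
        provider.setId(providerId);      // id of the KMS cluster registered in vCenter Server
        CryptoKeyId key = new CryptoKeyId();
        key.setKeyId(keyId);             // id of a key that already exists in that KMS
        key.setProviderId(provider);
        return key;
    }

    /** A fresh CryptoSpecEncrypt referencing the shared key; one instance per spec it is set on. */
    private CryptoSpecEncrypt newEncryptSpec() {
        CryptoSpecEncrypt spec = new CryptoSpecEncrypt();
        spec.setCryptoKeyId(cryptoKeyId);
        return spec;
    }

    /** Encrypt the VM home (configuration and related files). */
    public void applyToVmHome(VirtualMachineConfigSpec configSpec) {
        configSpec.setCrypto(newEncryptSpec());
    }

    /** Encrypt a virtual disk with the same key as the VM home; the spec lives on the device backing. */
    public void applyToDisk(VirtualDeviceConfigSpec diskSpec) {
        VirtualDeviceConfigSpecBackingSpec backing = new VirtualDeviceConfigSpecBackingSpec();
        backing.setCrypto(newEncryptSpec());
        diskSpec.setBacking(backing);
    }

    /**
     * Pre-flight check before CreateVM_Task: true only if the VM home carries an
     * encrypt request for this helper's key. Note that a spec without CryptoSpec can
     * still end up encrypted when the storage profile requires it and a default KMS
     * exists, so a false result means "not explicitly requested", not "unencrypted".
     */
    public boolean vmHomeEncryptRequested(VirtualMachineConfigSpec configSpec) {
        CryptoSpec crypto = configSpec.getCrypto();
        if (!(crypto instanceof CryptoSpecEncrypt)) {
            return false;
        }
        CryptoKeyId requested = ((CryptoSpecEncrypt) crypto).getCryptoKeyId();
        return requested != null
                && cryptoKeyId.getKeyId().equals(requested.getKeyId())
                && requested.getProviderId() != null
                && cryptoKeyId.getProviderId().getId().equals(requested.getProviderId().getId());
    }
}
```

In VMCreate.java the two guarded blocks then reduce to constructing one VmEncryptionSpecs from keyId and providerId when both are set and calling applyToVmHome(configSpec) in createVmConfigSpec() and applyToDisk(diskSpec) in createVirtualDisk(), which keeps the VM home and every disk on the same key rather than building separate CryptoKeyId objects in each place.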
The SPBM sample code is in the Storage Policy SDK, not in the vSphere Web Services SDK.