Virtual Machine Security
Encryption in vSphere protects virtual machines, virtual disks, and related files. First you set up a trusted connection between vCenter Server and a key management server (KMS); vCenter Server can then retrieve keys from the KMS as needed. Physical device security and advanced options are additional concerns.
Different aspects of virtual machine encryption are managed through different interfaces. You manage setup of the KMS trusted connection and perform most encryption workflows from the vSphere Client. You manage automation of some advanced features using the vSphere Web Services SDK, as discussed in this chapter. You use the crypto-util command-line tool directly on ESXi hosts for some special cases, for example, to decrypt the core dumps in a vm-support bundle.