vSphere Virtual Machine Encryption
GPTKB entity
Statements (37)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
VMware technology
|
| gptkbp:auditing |
vCenter logs encryption events
|
| gptkbp:compatibleWith |
gptkb:vSphere_Replication
Fault Tolerance VMware vSphere Storage DRS (for encrypted VMs) vMotion (encrypted) |
| gptkbp:developedBy |
gptkb:VMware
|
| gptkbp:documentation |
https://docs.vmware.com/en/VMware-vSphere/index.html
|
| gptkbp:doesNotEncrypt |
guest OS data in memory
network traffic (unless using encrypted vMotion) |
| gptkbp:encryption |
VM configuration files (VMX)
VM disk files (VMDK) |
| gptkbp:encryptionScope |
virtual machine files only
|
| gptkbp:granularity |
per-VM
per-VMDK |
| https://www.w3.org/2000/01/rdf-schema#label |
vSphere Virtual Machine Encryption
|
| gptkbp:introducedIn |
gptkb:vSphere_6.5
|
| gptkbp:key |
external KMS via KMIP
|
| gptkbp:managedBy |
gptkb:vCenter_Server
|
| gptkbp:policyBased |
true
|
| gptkbp:purpose |
encrypt virtual machine files
|
| gptkbp:requires |
gptkb:vCenter_Server
gptkb:Enterprise_Plus_license gptkb:Key_Management_Server_(KMS) ESXi host 6.5 or later |
| gptkbp:supports |
role-based access control
encryption at rest key rotation key revocation encryption in motion key re-encryption |
| gptkbp:supportsAlgorithm |
gptkb:AES-256
|
| gptkbp:uses |
data protection
compliance multi-tenancy security |
| gptkbp:bfsParent |
gptkb:vSphere_8
|
| gptkbp:bfsLayer |
8
|