vSphere vCenter Server VM Encryption

GPTKB entity

Statements (44)
Predicate Object
gptkbp:instanceOf VMware technology feature
gptkbp:appliesTo existing VMs
new VMs
gptkbp:auditedBy vCenter Server events
gptkbp:canBe replication
snapshots
backups
clones
VM templates
gptkbp:compatibleWith gptkb:vSAN_encryption
VMs with Fault Tolerance enabled
VMs with PCI passthrough devices
VMs with vSphere Replication prior to 6.5.1
vSAN encryption (vSAN has its own encryption)
gptkbp:documentation https://docs.vmware.com/en/VMware-vSphere/index.html
gptkbp:doesNotEncrypt guest OS data in memory
network traffic (unless vMotion encryption is used)
gptkbp:enables encryption of virtual machine files
gptkbp:encryption VM swap files
VM home files
virtual disks (VMDK files)
https://www.w3.org/2000/01/rdf-schema#label vSphere vCenter Server VM Encryption
gptkbp:introducedIn gptkb:vSphere_6.5
gptkbp:managedBy gptkb:vCenter_Server
gptkbp:partOf gptkb:VMware_vSphere
gptkbp:policyManagedBy vSphere Storage Policy Based Management (SPBM)
gptkbp:protectedBy unauthorized access to VM data
gptkbp:repealedBy removing KMS key
gptkbp:requires gptkb:vCenter_Server
gptkb:Enterprise_Plus_license
gptkb:Key_Management_Server_(KMS)
hardware virtualization support (AES-NI recommended)
ESXi host version 6.5 or later
VM Encryption policy
vSphere Web Client or vSphere Client for management
gptkbp:supports role-based access control
encryption at rest
key rotation
encryption in motion (vMotion encryption)
key re-encryption
gptkbp:supportsAlgorithm AES-256 XTS
gptkbp:uses KMIP protocol for KMS integration
gptkbp:bfsParent gptkb:vSphere_8
gptkbp:bfsLayer 8