vSphere vCenter Server VM Encryption
GPTKB entity
Statements (44)
Predicate | Object |
---|---|
gptkbp:instanceOf |
VMware technology feature
|
gptkbp:appliesTo |
existing VMs
new VMs |
gptkbp:auditedBy |
vCenter Server events
|
gptkbp:canBe |
replication
snapshots backups clones VM templates |
gptkbp:compatibleWith |
gptkb:vSAN_encryption
VMs with Fault Tolerance enabled VMs with PCI passthrough devices VMs with vSphere Replication prior to 6.5.1 vSAN encryption (vSAN has its own encryption) |
gptkbp:documentation |
https://docs.vmware.com/en/VMware-vSphere/index.html
|
gptkbp:doesNotEncrypt |
guest OS data in memory
network traffic (unless vMotion encryption is used) |
gptkbp:enables |
encryption of virtual machine files
|
gptkbp:encryption |
VM swap files
VM home files virtual disks (VMDK files) |
https://www.w3.org/2000/01/rdf-schema#label |
vSphere vCenter Server VM Encryption
|
gptkbp:introducedIn |
gptkb:vSphere_6.5
|
gptkbp:managedBy |
gptkb:vCenter_Server
|
gptkbp:partOf |
gptkb:VMware_vSphere
|
gptkbp:policyManagedBy |
vSphere Storage Policy Based Management (SPBM)
|
gptkbp:protectedBy |
unauthorized access to VM data
|
gptkbp:repealedBy |
removing KMS key
|
gptkbp:requires |
gptkb:vCenter_Server
gptkb:Enterprise_Plus_license gptkb:Key_Management_Server_(KMS) hardware virtualization support (AES-NI recommended) ESXi host version 6.5 or later VM Encryption policy vSphere Web Client or vSphere Client for management |
gptkbp:supports |
role-based access control
encryption at rest key rotation encryption in motion (vMotion encryption) key re-encryption |
gptkbp:supportsAlgorithm |
AES-256 XTS
|
gptkbp:uses |
KMIP protocol for KMS integration
|
gptkbp:bfsParent |
gptkb:vSphere_8
|
gptkbp:bfsLayer |
8
|