Now that you set CryptoHub as a key provider in vCenter Server, vSphere users with the required privileges can create encrypted virtual machines and disks ( docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-431FDB2F-7F34-468D-9D6B-BC5E95279237.html). With those privileges, you can also do the following actions:Documentation Index
Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
Use this file to discover all available pages before exploring further.
- Encrypt existing virtual machines (
- Decrypt encrypted virtual machines (
- Add Virtual Trusted Platform Modules (vTPMs) to virtual machines (
Encrypt an existing virtual machine
You can encrypt existing virtual machines or virtual disks with the vSphere Client by changing their storage policy. However, you can only encrypt virtual disks for encrypted virtual machines.Ensure that the virtual machine is powered off.
Right-click the virtual machine that you want to change and select VM Policies > Edit VM Storage Policies. You can set the storage policy for the virtual machine files, represented by VM home, and the storage policy for virtual disks.
Select the VM Encryption Policy in the drop-down list. Then, choose one of the following options:
- To encrypt the VM and its hard disks, select an encryption storage policy and select [ OK ].
- To encrypt the VM but not the virtual disks, toggle Configure per disk on, select the encryption storage policy for VM Home and other storage policies for the virtual disks, and select [ OK ].
You can also encrypt the virtual machine, or both virtual machine and disks, from the Edit Settings menu in the vSphere Client.
- Right-click the virtual machine and select Edit Settings.
- Go to the VM Options tab and open Encryption. Choose an encryption policy. If you deselect all disks, only the VM home is encrypted.
- Select [ OK ].
If the VM encryption operation succeeds, the task status displays as Completed.