CCI Private Cloud - VM Encryption

This document details VM Encryption and vTPM for VMs hosted in the CCI Private Cloud Virtualization Environment.


vSphere Virtual Machine Encryption is available on a per-VM basis and is enabled through a manual process performed by the CCI team.

Things to consider

  • Performance may be affected; security is a tradeoff.
  • The VM must be powered off to add encryption.

VM Encryption

  • Encrypts the VM itself and all its settings.
  • Encrypts the disks, either all of them or individually selected ones.

CCI uses vSphere Native Key Provider (NKP) for VM Encryption.
NKP Q&A - https://core.vmware.com/native-key-provider-questions-answers

Alternatives to vSphere Virtual Machine Encryption 

Microsoft BitLocker
BitLocker support in a VM - https://kb.vmware.com/s/article/2036142

  • Windows Server 2008 and later
  • Designed to protect data by providing encryption for entire volumes.
    • Microsoft does not support the use of BitLocker on the bootable partition of a virtual hard disk.
    • BitLocker is supported on non-bootable partitions of a virtual hard disk.
 

 



Keywords: bitLocker, cci, cciv, cloud, encryption, machine, nkp, private, virtual, virtualization, vm, vtpm
Doc ID: 132284
Owned by: Drew D. in CCI Private Cloud
Created: 2023-10-24
Updated: 2024-12-02
Sites: Campus Cloud Infrastructure (CCI) - Private Cloud