CCI Private Cloud - VM Encryption
This document details VM Encryption and vTPM for VMs hosted in the CCI Private Cloud Virtualization Environment.
vSphere Virtual Machine Encryption is available on a per-VM basis and is enabled through a manual process performed by the CCI team.
Things to consider
- Performance may be affected; security is a tradeoff.
- The VM needs to be powered off to add encryption.
VM Encryption
- Encrypts the VM itself and all its settings.
- Encrypts the disks, either all of them or individually selected ones.
CCI uses vSphere Native Key Provider (NKP) for VM Encryption.
NKP Q&A - https://core.vmware.com/native-key-provider-questions-answers
Alternatives to vSphere Virtual Machine Encryption
Microsoft BitLocker
BitLocker support in a VM - https://kb.vmware.com/s/article/2036142
- Windows Server 2008 and later
- Designed to protect data by providing encryption for entire volumes.
- Microsoft does not support the use of BitLocker on the bootable partition of a virtual hard disk.
- BitLocker is supported on non-bootable partitions of a virtual hard disk.