Data Center Virtualization Certification: VCP6.5-DCV Exam Guide

Configure and manage KMS for VM encryption

In vSphere 6.5, to encrypt VM disks, you will need to configure a Key Management Server (KMS), or, better yet, a cluster of KMS instances.

You can use the vSphere Web Client, as follows:

  1. Select the vCenter Server in the inventory, then select the Configure tab. Expand More, and select Key Management Server to access the KMS management section.
  2. Click on the Add KMS... icon to add the KMS server (you must have one in your network). Specify the required parameters, and click on OK to save the configuration:

     Figure 1.28: Adding a new KMS
  3. Once the KMS server is successfully added to the vCenter Server, the Connection Status will be displayed as Normal. Having configured the KMS server, you can start encrypting VMs.

A KMS is mandatory for VM encryption, but is not required for vMotion encryption.

For more information, see the vSphere 6.5 Security Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-78DD547A-6FFC-49F1-A5F2-ECD7507EE835.html) or the StarWind blog post at https://www.starwindsoftware.com/blog/encryption-of-vmware-vsphere-6-5-virtual-machines-and-vmotion-migrations-and-their-performance.