

To improve security in a virtual environment, VMware vSphere 6.5 provides the virtual machine encryption capability, securing VMDK virtual disks, .vmx and swap files and making the stored data unreadable. Only the virtual machine that manages the VMDK disks owns the key used to encrypt them. If you try to access the encrypted VMDK from an unauthorized VM, you only get unreadable data.

No additional hardware is required to encrypt and decrypt a virtual machine, but the processor used should support the AES-NI instruction set, enabled in the BIOS, to improve performance since encryption is a CPU-intensive process.

This series:

VSphere VMs encryption: KMS Server installation - pt.1
VSphere VMs encryption: setup vCenter Server - pt.2
VSphere VMs encryption: encrypt virtual machines - pt.3

To encrypt virtual machines, the vCenter Server must be connected to a Key Management Server (KMS) using the KMIP protocol to get the keys necessary to encrypt and decrypt the VMs. The KMS performs a certificate exchange with the vCenter Server to establish a trusted connection. Two components are required to perform virtual machine encryption:

KMS Server - used to generate and store the keys passed to the vCenter Server.

vCenter Server - establishes a connection to the KMS Server to obtain the keys to be assigned to ESXi hosts, keeping only the list of key IDs (no keys are stored in the vCenter Server). You can use different vendors in different environments by creating a KMS cluster for each KMS and specifying the default cluster (by default, the first cluster added).

KMS instances added to the same KMS cluster configured in the vCenter Server must be from the same vendor (for example HyTrust, CloudLink, or IBM).
