Hi All,
Has anyone set up a KMS server in a vSphere environment for virtual machine encryption?
Also, is there any free community solution available for a KMS server?
See: Add a KMS to vCenter Server in the vSphere Web Client
Also see: Barbican - OpenStack
Yes, I have. If you want to give it a try, check out this HOL.
HOL-2011-03-SDC - VMware vSphere Platinum - Security Getting Started
I am not aware of a free solution.
Thanks.
Yes, set up last month. I ended up using a KMIP solution from HyTrust. It cost approx £2k for a 2-node solution - virtual appliance. Their support was excellent and I got the product up and running in a day. They even modified their solution for my particular use case and sent out a revised version within weeks.
Be aware there are a few limitations with VM Encryption - you will need to experiment; it's not all-singing, all-dancing. E.g. vCenter VM is not encrypted.
I've been using KMS with this:
https://github.com/gwojcieszczuk/kms4vsphere
Easy to deploy and configure. Just remember to delete the private and public key from the VM or anybody can download them through a browser.
Decryption and Encryption of VMs is really easy and even if you have a new vCenter running it still is possible to decrypt the VMs as long as you established a trust with the old KMS and the new vCenter 🙂