VMware Cloud Community
jvm2016
Hot Shot

KMS setup_virtual machine encryption

Hi All,

Has anyone set up a KMS server in a vSphere environment for virtual machine encryption?

Also, is there any free community solution available for a KMS server?

5 Replies
T180985
Expert

See: Add a KMS to vCenter Server in the vSphere Web Client

Also see: Barbican - OpenStack

Please mark helpful or correct if my answer resolved your issue. How to post effectively on VMTN https://communities.vmware.com/people/daphnissov/blog/2018/12/05/how-to-ask-for-help-on-tech-forums
Deso1ator
Enthusiast

Yes, I have. If you want to give it a try, check out this HOL.

HOL-2011-03-SDC - VMware vSphere Platinum - Security Getting Started

I am not aware of a free solution.

jvm2016
Hot Shot

Thanks.

jchilton
Enthusiast

Yes, set up last month. I ended up using a KMIP solution from HyTrust. It cost approx £2k for a 2-node solution - virtual appliance. Their support was excellent and I got the product up and running in a day. They even modified their solution for my particular use case and sent out a revised version within weeks.

Be aware there are a few limitations with VM Encryption - you will need to experiment; it's not all-singing, all-dancing. E.g. vCenter VM is not encrypted.

meoli
Enthusiast

I've been using KMS with this:

https://github.com/gwojcieszczuk/kms4vsphere

Easy to deploy and configure. Just remember to delete the private and public key from the VM or anybody can download them through a browser.

Decryption and encryption of VMs is really easy, and even if you have a new vCenter running it is still possible to decrypt the VMs as long as you established a trust with the old KMS and the new vCenter 🙂
