Hello All
Setting up a new environment. 15 to 20 VMs.
I've got the hardware requirements sorted Dell R640's …..
One of the requirements is VM disk encryption.
The questions I have are:
Do I need Enterprise plus or higher to do this?
Can ROBO do disk encryption? Pros and Cons?
Anyone recommend a good KMS product that will work with VMware, MS SQL & My SQL? (I was thinking Gemalto, but something cheaper would be nice)
Anyone got any gotchas when setting this up?
Regards
Andrew.
Hi there,
I can only help you with the first question;
You need at least VMware vSphere Enterprise Plus™. See page 2;
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vsphere/vmw-flyr-comparevsphereedi...
Other then that I have no field experience with VM encryption.
Hi there,
I can only help you with the first question;
You need at least VMware vSphere Enterprise Plus™. See page 2;
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vsphere/vmw-flyr-comparevsphereedi...
Other then that I have no field experience with VM encryption.
Hello,
to do per-VM Disk encryption you need the vSphere Enterprise Plus or vSphere ROBO Enterprise License:
Is this an additional environment to your Main Datacenter? If so, the ROBO License might be a good option.
I have used HyTrust for the per-VM Disk and VSAN encryption https://www.hytrust.com/products/keycontrol/
Hi,
you need at least vSphere Enterprise Plus to use VM Encrytion. Make sure that the Backup Software you want to use support this (Veeam is fine). And you should make sure that your KMS is not the SPoF in your design.
Forgot to say I'll want to use vSAN for the storage over three identical hosts.
Check this FAQ: vSphere 6.5/6.7: VM and vSAN Encryption FAQ | Encryption | VMware vSphere Central
It depends on your requirements. VM Encryption elementary differs from vSAN Encryption.
The FAQ that blazilla already shared highlights the main differences between both encryption types.
The main question is, what do you want to protect yourself from? Only robbery of servers / disks or also "bad" access to your running VMs and copy of VMDKs etc.? Per VM key can also be pretty important.
In my opinion, there is also a Per VM encryption usecase on VSAN, even with the disadvantage in efficiency.
Recommend HyTrust KMIP product. Great value and tech support.