VMware Cloud Community
nicolaskh83
Contributor

vSphere 6.5 encryption with KMS: 100% safe if files are stolen?

I have a vSphere 6.5 environment encrypted using the vSphere storage encryption policy on vDisks (no vSAN used), with HyTrust KMS. If the VMs were somehow hacked and files (for example, database files) were stolen, can they be accessed in a different environment (different host)? Is this way of encryption 100% secure?

3 Replies
daphnissov
Immortal

If your VM files are stolen, yes, they're safe. If your KMS server is stolen in addition, no, they are not safe.

a_p_
Leadership

If the VMs were somehow hacked and files (for example, database files) were stolen, can they be accessed in a different environment (different host)?

vSphere Encryption takes care of the virtual machine's files (.vmdk, ...) themselves, but not the guest files. If your guest OS is hacked, and someone steals guest OS files, these files can be opened elsewhere, unless they are also somehow encrypted.


André

nicolaskh83
Contributor

Thank you daphnissov, what is the best way to secure the KMS server? Encryption maybe?

On the other hand, I have read in a different post that the decryption process needs the ESXi host in addition to the KMS. This was the referenced post (in red):

Ah yes, I understand your point about stealing the server now. You are saying that if they steal the physical box on which the KMS is deployed, they should be able to start any encrypted VMs that are also hosted on that box.

That is not true. With VM encryption, vCenter is required to push the keys to the ESXi hosts in order to unlock any encrypted VMs. As long as your vCenter and KMS are not hosted on the same ESXi, you do not have a complete supply chain to get keys to the hosts. Without the keys, the VMs will remain encrypted. You will not be able to forcibly retrieve the keys from the KMS server either.

So, you could just simply enforce an anti-affinity rule that keeps your vCenter and KMS physically separate at all times.

Can you confirm what they are saying?

Thank you
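
The anti-affinity rule suggested in the quoted post, shown as an added PowerCLI example that is not part of the thread or of any poster's reply. It assumes the KMS runs as a VM in the same DRS-enabled cluster as vCenter; the cluster name `Prod-Cluster`, the VM names `vcenter01` and `kms01`, and the rule name are placeholders.

```powershell
# Added example. Cluster, VM and rule names are assumed placeholders.
# Requires VMware PowerCLI, an existing Connect-VIServer session,
# and DRS enabled on the cluster.
$clusterName = 'Prod-Cluster'
$vmNames     = 'vcenter01', 'kms01'
$ruleName    = 'separate-vcenter-kms'

$cluster = Get-Cluster -Name $clusterName -ErrorAction Stop
$vms     = @(Get-VM -Name $vmNames -Location $cluster -ErrorAction Stop)
if ($vms.Count -ne $vmNames.Count) {
    throw "Expected $($vmNames.Count) VMs in '$clusterName', found $($vms.Count)."
}

# Report current placement; both VMs on one host is the case to avoid.
$vms | Select-Object Name, VMHost | Format-Table -AutoSize
$hostNames = @($vms | ForEach-Object { $_.VMHost.Name } | Sort-Object -Unique)
if ($hostNames.Count -lt $vms.Count) {
    Write-Warning "vCenter and KMS currently share host(s): $($hostNames -join ', ')"
}

# Look for an enabled anti-affinity rule that already covers every VM.
$covering = Get-DrsRule -Cluster $cluster | Where-Object {
    $rule    = $_
    $missing = @($vms | Where-Object { $rule.VMIds -notcontains $_.Id })
    $rule.Enabled -and (-not $rule.KeepTogether) -and ($missing.Count -eq 0)
}

if ($covering) {
    Write-Output "Already covered by rule(s): $($covering.Name -join ', ')"
} else {
    # KeepTogether = $false makes this a VM-VM anti-affinity rule.
    New-DrsRule -Cluster $cluster -Name $ruleName -KeepTogether $false `
                -VM $vms -Enabled $true
}
```

The rule only constrains DRS placement inside that one cluster; a KMS running on separate hardware or in another cluster is outside its scope.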