In the various VMware courses that I deliver, one of the scariest topics potentially for my delegates is around VMware VM encryption.
This is briefly what VM Encryption does.
VM encryption was released with Hardware version 13 in ESXi 6.5
We get protection of virtual machine files, virtual disk files, and core dump files. This is provided via multi-layer key protection.
With the encryption we provide.
Key management provided by key servers.
Use of the Key Management Interoperability Protocol (KMIP), an industry standard for the management of security keys.
Nonpersistence of keys for added security.
The scariest part for most people is:
"I never like encryption, in case I can't encrypt."
James Doyle of VMware did the following session at VMworld 2017.
Understand and Avoid Common Issues with Virtual Machine Encryption
It's definitely worth a watch and I'll be pointing my delegates towards this session, hopefully James can put their minds at ease.