VMware 6.5 Virtual Machines encryption - practical implementation.


we have scenario with ROBO (Remote Office Branch Office) with single or dual hypervisors. As  ROBO has lower physical security than HQ we need to ensure that in case of theft data on Virtual Machines will be protected.

We analyze VMware documentation and we established that we need at least:
a) VMware 6.5 Enterprise Plus level license for Remotes Offices hypervisors
b) vCenter 6.5 Standard server for managing these hypervisors from HQ
c) third party KMS (Key Management Server) in HQ as Key Server per https://www.vmware.com/resources/compatibility/pdf/vi_kms_guide.pdf

As we understand we deploy VMware 6.5 Enterprise Plus host to our Remote Office and manage this host with vCenter 6.5 Server Standard in our HQ that is connected to third party KMS also in HQ. When encrypted VM in Remote Office trying to start it must have connection to vCenter and via vCenter to KMS. After successfull key handshake VM started and encryption are invisible to guest OS.

We have following questions:
a) Did anyone form E-E community has real life experience with VMware 6.5 VM encryption, especially with third party KMS ?
We need to know that we properly understand the architecture.

b) Are VMware ROBO Advanced edition are full equivalent of VMware Enterprise Plus license and as such supporting VM encryption ? This is much better offer for Remote Offices that full CPU license.

c) We try to estimate costs of KMS but in our country (Poland) we have some difficulties:
- KMS from Dell EMC - Dell reply that they just purchased this company and they dont have offering for now.
- KMS from Gemalto - Gemalto give us some crazy offering with several elements besides KMS server (Keysecure k170v)
They said " Key Server can be integrated with any solution via KMIP or with their own connectors ProtectV(Virtual Volumes), ProtectFile(Files) etc
For other KMS solution from Vmware compatibility document we don't find represenatives.
If anybody has experience especially with Gemalto and can tell us what licesnes are just enough ?

d) Are there other solutions for KMS like Microsoft or Open Source that will properly work with VMware ?

thanks in advance for any informations from your experience.
Who is Participating?
RMPLCOOAuthor Commented:
Ad. a. It looks like we properly understand architecture.

Ad.c. In this scenario we establish with Gemalto represenatative that only KMS is required. Other elements are for different scenarios and not required in ours.

Finally project was suspended indefinitely due to costs, and another approach to the topic.
RMPLCOOAuthor Commented:
We closing the the question with comment. Hopefully it could be usefull for someone.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.