VMware 6.5 Virtual Machines encryption - practical implementation.

Hello,

we have scenario with ROBO (Remote Office Branch Office) with single or dual hypervisors. As  ROBO has lower physical security than HQ we need to ensure that in case of theft data on Virtual Machines will be protected.

We analyze VMware documentation and we established that we need at least:
a) VMware 6.5 Enterprise Plus level license for Remotes Offices hypervisors
b) vCenter 6.5 Standard server for managing these hypervisors from HQ
c) third party KMS (Key Management Server) in HQ as Key Server per https://www.vmware.com/resources/compatibility/pdf/vi_kms_guide.pdf

As we understand we deploy VMware 6.5 Enterprise Plus host to our Remote Office and manage this host with vCenter 6.5 Server Standard in our HQ that is connected to third party KMS also in HQ. When encrypted VM in Remote Office trying to start it must have connection to vCenter and via vCenter to KMS. After successfull key handshake VM started and encryption are invisible to guest OS.

We have following questions:
a) Did anyone form E-E community has real life experience with VMware 6.5 VM encryption, especially with third party KMS ?
We need to know that we properly understand the architecture.

b) Are VMware ROBO Advanced edition are full equivalent of VMware Enterprise Plus license and as such supporting VM encryption ? This is much better offer for Remote Offices that full CPU license.

c) We try to estimate costs of KMS but in our country (Poland) we have some difficulties:
- KMS from Dell EMC - Dell reply that they just purchased this company and they dont have offering for now.
- KMS from Gemalto - Gemalto give us some crazy offering with several elements besides KMS server (Keysecure k170v)
They said " Key Server can be integrated with any solution via KMIP or with their own connectors ProtectV(Virtual Volumes), ProtectFile(Files) etc
For other KMS solution from Vmware compatibility document we don't find represenatives.
If anybody has experience especially with Gemalto and can tell us what licesnes are just enough ?

d) Are there other solutions for KMS like Microsoft or Open Source that will properly work with VMware ?

thanks in advance for any informations from your experience.
RMPLCOOAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RMPLCOOAuthor Commented:
Ad. a. It looks like we properly understand architecture.

Ad.c. In this scenario we establish with Gemalto represenatative that only KMS is required. Other elements are for different scenarios and not required in ours.

Finally project was suspended indefinitely due to costs, and another approach to the topic.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RMPLCOOAuthor Commented:
We closing the the question with comment. Hopefully it could be usefull for someone.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.