You can configure instant clones to use the vSphere Virtual Machine Encryption feature so that instant-clone desktops have the same encryption keys.
Prerequisites
- vSphere 7.0 or later.
- Create the Key Management Server (KMS) cluster with key management servers.
- To create a trust between KMS and vCenter Server, accept the self-signed CA certificate or create a CA-signed certificate.
- In vSphere Web Client, create the VMcrypt/VMEncryption storage profile.
- Horizon 7
Note: For details about the Virtual Machine Encryption feature in vSphere, see the vSphere Security document in the vSphere documentation.
Procedure
- To configure instant-clones that use the same encryption keys, use the vSphere Web Client to create a parent VM with the vmencrypt storage policy or create a parent VM and then apply the vmencrypt storage policy.
The vmencrypt storage policy applies only when the parent VM does not have any snapshots. The clone inherits the parent encryption state, including keys.
- Take a snapshot of the parent VM with the vmencrypt storage policy applied.
- Create instant-clone desktops that point to the parent VM with the vmencrypt storage policy applied so that all desktops have the same encryption keys.
Note: Instant-clone desktops with CBRC digest disks that exist cannot get the vmencrypt storage policy.
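After the procedure, you can confirm that each desktop carries the parent's key. The following read-only PowerCLI check is an added example, not part of the original documentation. It assumes an existing Connect-VIServer session, and the VM names 'win10-parent' and 'win10-ic-*' are hypothetical placeholders.

```powershell
# Added example: read-only audit of encryption keys on a parent VM and its clones.
# Assumes PowerCLI is loaded and Connect-VIServer has already been run.

function Get-VmKeyInfo {
    param([Parameter(Mandatory)] $Vm)
    # Config.KeyId is $null when the VM is not encrypted.
    $key = $Vm.ExtensionData.Config.KeyId
    [pscustomobject]@{
        Name      = $Vm.Name
        Encrypted = [bool]$key
        KeyId     = if ($key) { $key.KeyId } else { $null }
        Provider  = if ($key -and $key.ProviderId) { $key.ProviderId.Id } else { $null }
        # Name of the storage policy currently associated with the VM home, if any.
        Policy    = (Get-SpbmEntityConfiguration -VM $Vm).StoragePolicy.Name
    }
}

function Test-InstantCloneKeys {
    param(
        [Parameter(Mandatory)][string] $ParentName,   # hypothetical parent VM name
        [Parameter(Mandatory)][string] $ClonePattern  # hypothetical wildcard for desktop names
    )
    $parent     = Get-VM -Name $ParentName
    $parentInfo = Get-VmKeyInfo -Vm $parent
    if (-not $parentInfo.Encrypted) {
        throw "Parent VM '$ParentName' is not encrypted; clones cannot inherit a key from it."
    }

    # Compare each desktop's key ID and key provider with the parent's.
    Get-VM -Name $ClonePattern |
        Where-Object { $_.Id -ne $parent.Id } |
        ForEach-Object {
            $info = Get-VmKeyInfo -Vm $_
            $info | Add-Member -NotePropertyName MatchesParent -NotePropertyValue (
                $info.Encrypted -and
                $info.KeyId -eq $parentInfo.KeyId -and
                $info.Provider -eq $parentInfo.Provider
            ) -PassThru
        }
}

# Constructed sample invocation; replace both names with your own.
Test-InstantCloneKeys -ParentName 'win10-parent' -ClonePattern 'win10-ic-*' |
    Format-Table -AutoSize
```

Any desktop reported with MatchesParent set to False was not created from the encrypted snapshot and should be reviewed.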