You can configure instant clones to use the vSphere Virtual Machine Encryption feature so that instant-clone desktops have the same encryption keys.

Prerequisites

  • vSphere 7.0 or later.
  • Create the Key Management Server (KMS) cluster with key management servers.
  • To create a trust between KMS and vCenter Server, accept the self signed CA certificate or create a CA signed certificate.
  • In vSphere Web Client, create the VMcrypt/VMEncryption storage profile.
  • Horizon 7
Note: For details about the Virtual Machine Encryption feature in vSphere, see the vSphere Security document in the vSphere documentation.

Procedure

  1. To configure instant-clones that use the same encryption keys, use the vSphere Client to create a golden image VM with the vmencrypt storage policy.
    The vmencrypt storage policy applies only when the golden image VM does not have any snapshots. The clone inherits the golden image encryption state, including keys.
  2. Take snapshot of the golden image VM with the vmencrypt storage policy applied.
  3. Create instant-clone desktops that point to the golden image VM with the vmencrypt storage policy applied so that all desktops have the same encryption keys.
    Note: Instant-clone desktops with CBRC digestive disks that exist cannot get the vmencrypt storage policy.