You can encrypt an existing virtual machine or virtual disk by changing its storage policy. You can encrypt virtual disks only for encrypted virtual machines.
You cannot encrypt a virtual machine by using the Edit Settings menu. You can encrypt virtual disks of an encrypted virtual machine by using the Edit Settings menu.
- Establish a trusted connection with the KMS and select a default KMS.
- Create an encryption storage policy, or use the bundled sample, VM Encryption Policy.
- Ensure that the virtual machine is powered off.
- Verify that you have the required privileges:
- If the host encryption mode is not Enabled, you also need .
- Connect to vCenter Server by using the vSphere Web Client.
- Right-click the virtual machine that you want to change and select
. You can set the storage policy for the virtual machine files, represented by VM home, and the storage policy for virtual disks.
- Select the storage policy that you want to use from the drop-down menu.
You cannot encrypt the virtual disk of an unencrypted VM.
- To encrypt the VM and its hard disks, select an encryption storage policy and click Apply to all.
- To encrypt the VM but not the virtual disks, select the encryption storage policy for VM Home and other storage policies for the virtual disks, and click Apply.
- If you prefer, you can encrypt virtual disks from the Edit Settings menu.
- Right-click the virtual machine and select Edit Settings
- Leave Virtual Hardware selected.
- Open the virtual disk for which you want to change the storage policy and make a selection from the VM Storage Policy drop-down menu.
- Click OK.