Before you can create encrypted virtual machines, you must create an encryption storage policy. You create the storage policy once, and assign it each time you encrypt a virtual machine or virtual disk.
If you want to use virtual machine encryption with other I/O filters, see the vSphere Storage documentation for details.
Set up the connection to the KMS.
Although you can create a VM Encryption storage policy without the KMS connection in place, you cannot perform encryption tasks until a trusted connection with the KMS server is established.
- Log in to the vCenter Server by using the vSphere Web Client.
- Select Home, click Policies and Profiles, and click VM Storage Policies.
- Click Create VM Storage Policy.
- Specify the storage policy values.
- Enter a storage policy name and optional description and click Next.
- If you are new to this wizard, review the Policy structure information, and click Next.
- Select the Use common rules in the VM storage policy check box.
- Click Add component and select and click Next.
The default properties are appropriate in most cases. You need a custom policy only if you want to combine encryption with other features such as caching or replication.
- Deselect the Use rule-sets in the storage policy check box and click Next.
- On the Storage compatibility page, leave Compatible selected, choose a datastore, and click Next.
- Review the information and click Finish.