Starting with vSphere 6.5, you can take advantage of virtual machine encryption. Encryption protects not only your virtual machine but also virtual machine disks and other files. You set up a trusted connection between vCenter Server and a key management server (KMS). vCenter Server can then retrieve keys from the KMS as needed.

You manage different aspects of virtual machine encryption in different ways.

  • Manage setup of the trusted connection with the KMS and perform most encryption workflows from the vSphere Web Client.

  • Manage automation of some advanced features from the vSphere Web Services SDK. See vSphere Web Services SDK Programming Guide and VMware vSphere API Reference.

  • Use the crypto-util command-line tool directly on the ESXi host for some special cases, for example, to decrypt the core dumps in a vm-support bundle.