When you create an encrypted virtual machine from the vSphere Web Client, any virtual disks that you add during virtual machine creation are encrypted. You can decrypt virtual disks that are encrypted by using the Edit VM Storage Policies option.
Note: An encrypted virtual machine can have virtual disks that are not encrypted. However, an unencrypted virtual machine cannot have encrypted virtual disks.
See Virtual Disk Encryption.
This task describes how to change the encryption policy using storage policies. You can use either the vSphere Client (HTML5-based client) or the vSphere Web Client. You can also use the Edit Settings menu to make this change.
Prerequisites
- You must have the privilege.
- Ensure that the virtual machine is powered off.
Procedure
- Connect to vCenter Server by using either the vSphere Client (HTML5-based client) or the vSphere Web Client.
- Right-click the virtual machine and select .
- Change the storage policy.
- vSphere Client (HTML5-based client):
- To change the storage policy for the VM and its hard disks, select an encryption storage policy and click OK.
- To encrypt the VM but not the virtual disks, toggle on Configure per disk, select the encryption storage policy for VM Home and other storage policies for the virtual disks, and click OK.
- vSphere Web Client:
- To change the storage policy for the VM and its hard disks, select an encryption storage policy and click Apply to all.
- To encrypt the VM but not the virtual disks, select the encryption storage policy for VM Home and other storage policies for the virtual disks, and click Apply.
You cannot encrypt the virtual disk of an unencrypted VM.
- If you prefer, you can change the storage policy from the Edit Settings menu.
- Right-click the virtual machine and select Edit Settings.
- Select the Virtual Hardware tab, expand a hard disk, and choose an encryption policy from the drop-down menu.
- Click OK.
