Before you can create encrypted virtual machines, you must create an encryption storage policy. You create the storage policy once, and assign it each time you encrypt a virtual machine or virtual disk.
If you want to use virtual machine encryption with other I/O filters, or to use the Create VM Storage Policy wizard in the vSphere Client, see the vSphere Storage documentation for details.
Prerequisites
- Set up the connection to a key provider.
Although you can create a VM Encryption storage policy without the key provider connection in place, you cannot perform encryption tasks until trusted connection with the key provider is established.
- Required privileges: .
Procedure
- Log in to the vCenter Server by using the vSphere Client.
- Select Home, click Policies and Profiles, then click VM Storage Policies.
- Click Create.
- Select the vCenter Server, enter a policy name, optionally enter a description, then click Next.
- On the Policy structure page, check Enable host based roles then click Next.
- On the Host based services page, select Use storage policy component, choose Default encryption properties from the drop-down menu, then click Next.
- On the Storage compatibility page, leave Compatible selected, select a datastore, then click Next.
- Review the information and click Finish.