You can improve security and protection of your data by replicating encrypted virtual machines.

Replication of encrypted VMs is supported with vSphere 6.7 Update 1 or later. Ensure that you either use a common Key Management Server (KMS) or that the Key Management Server clusters at both sites use common encryption keys. Ensure that the KMS is registered with the same name at both the source and target sites. For information about how to set up a Key Management Server cluster, see the VMware vSphere ESXi and vCenter Server 6.7 documentation.

An encrypted virtual machine can have both encrypted and unencrypted disks, and you must follow different policies for each type.

When you specify the VM Storage Policy for target disks in a replication, you must set a storage policy with VM Encryption enabled at the target if the source disks are encrypted. For unencrypted source disks, you must set a storage policy without VM Encryption enabled at the target.

If you use replication seeds, target disks for encrypted source disks must be encrypted and target disks for unencrypted source disks must be unencrypted. Replica disks can have different encryption keys from the source disks.

If you do not use seed disks, replica disks are encrypted with the same encryption key as the source VM disks.

When you configure a replication of an encrypted VM, encryption of the transferred data is automatically switched on to enhance data security and you cannot switch it off.
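The rules above (same KMS name at both sites, target storage policy matching each source disk's encryption state, seed disks matching the source disk) can be checked before you configure a replication. The following pre-flight check is an added example, not VMware code or a vSphere API: `DiskPlan`, `check_plan`, `replica_key` and the sample values are hypothetical, and comparing KMS names as exact strings is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class DiskPlan:                      # hypothetical model of one disk in a planned replication
    label: str
    source_encrypted: bool           # source disk is encrypted
    target_policy_encrypts: bool     # target VM Storage Policy has VM Encryption enabled
    seed_encrypted: Optional[bool] = None   # None means no replication seed is used

def check_plan(source_kms: str, target_kms: str,
               disks: List[DiskPlan]) -> List[Tuple[str, str]]:
    """Return (subject, rule) pairs for every rule the plan violates."""
    findings = []
    # The KMS must be registered with the same name at both sites (exact match assumed).
    if source_kms != target_kms:
        findings.append(("kms", "name-mismatch"))
    for d in disks:
        # Encrypted source disk needs an encrypting target policy, and vice versa.
        if d.source_encrypted != d.target_policy_encrypts:
            findings.append((d.label, "policy-mismatch"))
        # A seed disk must have the same encryption state as its source disk.
        if d.seed_encrypted is not None and d.seed_encrypted != d.source_encrypted:
            findings.append((d.label, "seed-mismatch"))
    return findings

def replica_key(d: DiskPlan) -> str:
    """Which key the replica disk ends up with, per the seed rules."""
    if not d.source_encrypted:
        return "unencrypted"
    # With a seed the replica key can differ; without one it equals the source key.
    return "may-differ-from-source" if d.seed_encrypted is not None else "same-as-source"

# Constructed sample plan for one encrypted VM with mixed disks.
SAMPLE = [
    DiskPlan("Hard disk 1", True, True),                         # valid, no seed
    DiskPlan("Hard disk 2", False, True),                        # unencrypted disk, encrypting policy
    DiskPlan("Hard disk 3", True, True, seed_encrypted=False),   # unencrypted seed for encrypted disk
    DiskPlan("Hard disk 4", True, True, seed_encrypted=True),    # valid, seeded
]

if __name__ == "__main__":
    for subject, rule in check_plan("kms-cluster-01", "kms-cluster-01", SAMPLE):
        print(f"{subject}: {rule}")
    for d in SAMPLE:
        print(f"{d.label}: replica key {replica_key(d)}")
```
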

For more information on VM encryption, see Virtual Machine Encryption in the vSphere Security documentation.

For information about enabling virtual machine encryption for an already replicated VM, see Enable VM Encryption for an Already Replicated VM.