How to encrypt an existing Virtual Machine or Virtual Disk

Prerequisites:

  • vCenter server must be configured and connected with the KMS server.  Please refer to this article: How to connect vCenter with external KMS
  • ESXi servers that will run encrypted VM’s must be allowed to communicate with KMS server over TCP.
  • Create an encryption storage policy or use the bundled sample, VM Encryption Policy.
  • Downtime is required, VM must be powered off.

Procedure:

  1. Shutdown VM
  2. Right click on vm and select VM Policies → Edit Storage Policy.
  1. Change storage policy to your own encryption storage policy or use the bundled sample, VM Encryption Policy and select OK.
NOTE: Depends on the storage type for example if you have slower SAS disks it may a take long time to encrypt VM. In my case using SAS to encrypt 3TB it took around 5 hours.

Please like and share to spread the knowledge in the community.

If you want to chat with me please use Twitter: @AngrySysOps

Visit my FB page: https://www.facebook.com/AngrySysOps

Read my blog: https://angrysysops.com

Subscribe to my channel : https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A

Please leave the comment