- vCenter server must be configured and connected with the KMS server. Please refer to this article: How to connect vCenter with external KMS
- ESXi servers that will run encrypted VM’s must be allowed to communicate with KMS server over TCP.
- Create an encryption storage policy or use the bundled sample, VM Encryption Policy.
- Downtime is required, VM must be powered off.
- Shutdown VM
- Right click on vm and select VM Policies → Edit Storage Policy.
- Change storage policy to your own encryption storage policy or use the bundled sample, VM Encryption Policy and select OK.
NOTE: Depends on the storage type for example if you have slower SAS disks it may a take long time to encrypt VM. In my case using SAS to encrypt 3TB it took around 5 hours.
Please like and share to spread the knowledge in the community.
If you want to chat with me please use Twitter: @AngrySysOps
Visit my FB page: https://www.facebook.com/AngrySysOps
Read my blog: https://angrysysops.com
Subscribe to my channel : https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A