Browsed by
Tag: encryption

vSphere 6.5 – Secure Boot (ESXi and VMs)

When the new Secure Boot feature is enabled, the UEFI firmware validates the digitally signed kernel of an operating system against the digital certificate stored in the UEFI firmware. For ESXi 6.5 this capability is further leveraged by the ESXi kernel, adding cryptographic assurance of ESXi components. ESXi is already made up of digitally signed packages, called VIBs (vSphere Installation Bundles). These packages are never broken open. At boot time the ESXi file system maps to the content of those packages….

vSphere 6.5 – Encrypted vMotion

More good news is that you can encrypt the vMotion of any VM, encrypted or not. Encrypted VMs will always use encrypted vMotion:

- Disabled – do not use encrypted vMotion.
- Opportunistic – use encrypted vMotion if source and destination hosts support it.
- Required – allow only encrypted vMotion.

Note: if you have a mixed cluster and a requirement for encrypted vMotion, then setting it to “Required” will not let you vMotion to a host that doesn’t support it (only vSphere ESXi 6.5…

vSphere 6.5 – Backup and Restore encrypted VMs

The new encryption opens up many possibilities but also has an impact on other tasks in our environment. Let’s consider the backup implications: backup and restore of encrypted disks is possible with the NBD and HotAdd transports, but SAN mode does not support encrypted virtual machine backup. No API change is involved; ESXi hosts encrypt by attaching an IO Filter. To back up encrypted virtual machines using HotAdd, the backup proxy must be encrypted as well. The backup process requires “Cryptographer.DirectAccess”…

vSphere 6.5 – VM Encryption

The next new security functionality in vSphere 6.5 is encryption, which is implemented via Storage Policies. If you add an encryption storage policy to a VM, it will encrypt the disk. Key features:

- No modification within the guest
- VM agnostic (guest OS, datastore, HW version)
- Policy driven
- Encrypts both VMDK and VM files
- No access to encryption keys by the guest
- Full support of vMotion

The diagram below shows how it works:

Register a VM on a host and configure the (new…

vSphere 6.5 Security Enhancements  

In this article I will try to point out the most important security enhancements in the recently released vSphere 6.5 platform. According to the “pre GA” sneak peek information, VMware will build security in 3 areas:

- Secure access – logs monitoring and audit
- Secure infrastructure – hypervisor with minimal footprint = minimal attack surface and cryptographic option to provide SecureBoot
- Secure data – hypervisor-level encryption for VM data

Let’s go deeper into the technology – below is a list of…
