VMWare 6.5 Encryption

  • Jim C
    August 16, 2018 10:28:40 PM

    We are looking at using data encryption in VMWare 6.5 .  In this scenario a Key Management Server works in concert with vCenter to provide encryption/decryption keys for when a VM boots up.  In essence, a powered down VM is data-at-rest encrypted.  Does Zerto have guidelines for set up in this environment, how Zerto movements between vCenters should be handled, how to build a the test Replication/DR environment, and how Zerto Backups work in this type scenario?  I know it’s a lot of q’s in one fell swoop!

    Thanks.

    Amy M
    August 17, 2018 07:35:49 PM

    Hi Jim

    We don’t support VM encryption in VMware 6.5 today.  This is on our roadmap.  You can find this feature request and vote on it here:  https://www.zerto.com/myzerto/support/feature-requests/

    Thanks

    Amy Mitchell

    Zerto Platform Product Manager

    Matthew C
    August 17, 2018 07:48:45 PM

    Amy – if I were to use a 3rd part VM encryption product, such as Gemalto, would my Zerto replication and recovery still work? I think yes, since the encryption is layer 7, application, but this post got me thinking about it.

    Thanks!

    Amy M
    August 17, 2018 08:00:19 PM

    Hi Matt,

    I’m not familiar with the way Gemalto does encryption.  We do have customers who do storage encryption and that is transparent to Zerto.

    Amy Mitchell

    Zerto Platform Product Manager

    Jim C
    August 17, 2018 10:07:36 PM

    We are looking at VMWare to do the encryption because it makes the data encrypted regardless of where the data resides.  The storage platform becomes ‘encryption agnostic’ which then extends our hardware platforms lives.  It covers us in case of a backup being stolen either on disk or from disk (downloaded and taken out).  Disk encryption only covers the physical media it seems, whereas the software encryption extends our coverage.  I’m sorry to see it hasn’t really gotten a lot of votes for the roadmap.

    My follow-up question is, has anyone tried to do this and what were their results?  From a brief overview it seems to me that if you have access to vCenter and a recognized Key Server, the data file should then unlock.  I’d rather not be the one that told the auditors we were data at rest and DR compliant, only to find out the one broke the other.  Technology, always something new to tackle.

    Rob W
    September 12, 2019 03:49:26 PM

    Hello Amy/Zerto Project Management,

     

    Has there been any movement on supporting vmware encryption ?

    I tried visiting this link and it doesn’t take me anywhere: https://www.zerto.com/myzerto/support/feature-requests/

     

    Thanks

    Amy M
    September 12, 2019 10:11:23 PM

    The link to the feature requests is: https://www.zerto.com/myzerto/support/feature-requests/ once there, you can search for encryption so you can vote on the type of encryption you need.  We have encryption in our roadmap.  Please contact your Zerto account team to discuss the roadmap further.

    Amy Mitchell

    Zerto Product Manager

You must be logged in to create new topics. Click here to login