VMware Beta Community
m1gu3l
Enthusiast

Named disks and catalog templates encryption

Although we have configured a Key Provider for an OrgVDC using the BYOE add-on, we observe that the Named Disks created on that OrgVDC and the vApp templates stored in a catalog backed-up by that OrgVDC are encrypted using the default KMS, not with the KMS associated with the Key Provider assigned to the OrgVDC.

Is that the expected behavior? Will Named Disks and vApp Template encryption be supported by the BYOK add-on in the GA version or future versions?

Thanks,

Miguel


Accepted Solutions
jeffmace
VMware Employee

Posting for Nikolay:

Hi Miguel, your understanding is correct!

Regarding deep re-crypt of named disks and templates, we plan to introduce this feature in one of the post-GA releases.


0 Kudos
9 Replies
nikolay_andreev
VMware Employee

Hi Miguel, we plan to introduce encryption of named disks and VM templates as part of the official (GA) release of the BYOE solution. Both will be encrypted the same way as regular VMs, with the exception that deep re-encrypt will not be supported in the GA release. Please let us know if this behavior would cover your use cases.

0 Kudos
m1gu3l
Enthusiast

Hi Nikolay, it is great news that you will support the encryption of named disks and VM templates in the GA version. When you say that deep re-encrypt will not be supported in the GA release, do you mean just for named disks and VM templates or for VMs as well? Thanks, Miguel

0 Kudos
nikolay_andreev
VMware Employee

I meant only for named disks and VM templates.

Deep re-encrypt on VMs will be supported in the GA release as a Day-2 operation given the VM is powered off.

Sorry for the ambiguity in my previous answer.

0 Kudos
nikolay_andreev
VMware Employee

I meant only for named disks and VM templates.
Deep re-encrypt of regular VMs will be possible in the GA release as a day-2 operation.
Sorry for the ambiguity in my previous reply.

0 Kudos
jeffmace
VMware Employee

Posting for Nikolay:

I meant only for named disks and VM templates. Deep re-encrypt of regular VMs will be possible in the GA release as a day-2 operation. Sorry for the ambiguity in my previous reply.

0 Kudos
m1gu3l
Enthusiast

Thanks, Jeff and Nikolay. Please let me recap to check if I understood correctly:

- Named disk and template encryption will be supported in the BYOE GA release, including shallow recrypt managed at OrgVDC level.

- VM deep recrypt will also be supported in the BYOE GA version as a day 2 operation at VM level.

- Named disk and templates deep recrypt will not be supported in the BYOE GA version.

Correct? Will Named disk and templates deep recrypt be supported in a posterior BYOE release? Or is it technically unfeasible?

Thanks!

Miguel

0 Kudos
nikolay_andreev
VMware Employee

Hi Miguel, your understanding is correct!

Regarding deep re-crypt of named disks and templates, we plan to introduce this feature in one of the post-GA releases.

Nikolay

0 Kudos
jeffmace
VMware Employee

Posting for Nikolay:

Hi Miguel, your understanding is correct!

Regarding deep re-crypt of named disks and templates, we plan to introduce this feature in one of the post-GA releases.

0 Kudos
m1gu3l
Enthusiast

Thanks, Nikolay. All clear.

0 Kudos