vSphere 6.5 : Enable ESXi Host Encryption

In this article, let’s see how to enable ESXi Host Encryption in a vSphere 6.5 environment. Some Virtual Machine Encryption tasks enable ESXi Host Encryption automatically if the account has the relevant privileges. One important point: Virtual Machine Encryption can be enabled only if ESXi host-level encryption is enabled. Encryption tasks are possible only in environments that include vCenter Server.

After host encryption mode is enabled, all core dumps are encrypted to avoid the release of sensitive information from your secure virtualized environment. If you no longer use Virtual Machine Encryption, you can disable Host Encryption. Disabling Host Encryption is not that easy, so let’s see how we can work with these settings.

vCenter Cryptography Privileges and Roles

By default, the vCenter Server administrator has all the relevant privileges. There is also a No cryptography administrator role, which does not have the Cryptography Privileges.

Cryptographic Operations Privileges:

  • Global -> Diagnostics
  • Host -> Inventory -> Add host to cluster
  • Host -> Inventory -> Add standalone host
  • Host -> Local operations -> Manage user groups

This is a sample output for the No Cryptography administrator Role privileges

ESXi Host Encryption: No Cryptography Administrator

“Automatic changes occur when encryption operations attempt to enable host encryption mode. For example, assume that you add an encrypted virtual machine to a standalone host. Host encryption mode is not enabled. If you have the required privileges on the host, encryption mode changes to enabled automatically.”

How to Enable ESXi Host Encryption

To enable Host Encryption, the “Cryptographic operations.Register host” privilege is required.

ESXi Host Encryption: Register Host

Log in to the vSphere client and click on Host->Configure->Security Profile. Click on “Edit” under “Host Encryption Mode”.

ESXi Host Encryption: Enable Host Encryption

Set the Encryption Mode to Enable and click “OK”.

ESXi Host Encryption: Set Enable

How to Disable the Host Encryption Mode

If you no longer use Virtual Machine Encryption, you can disable Host Encryption. Enabling Host Encryption mode is an easy task if you have the right privileges, but disabling Host Encryption is a bit of a pain. Unfortunately, I don’t have the screen captures to show you the steps; if I get a chance in the future, I will update the post with them.

To disable Host Encryption, follow the steps below:

  • Unregister all encrypted virtual machines from the host
  • Unregister the host from vCenter Server
  • Reboot the host
  • Register the host with vCenter Server again
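Before starting the steps above, it helps to know which hosts are in encryption mode and which encrypted virtual machines are still registered on them. The following PowerShell is an added example, not part of the original post. It assumes the vSphere API properties `HostSystem.Runtime.CryptoState` (values `incapable`, `prepared`, `safe`) and `VirtualMachine.Config.KeyId`; the function name, host names, VM names and key ID are constructed for illustration.

```powershell
# Added example: reports each host's encryption state and the encrypted VMs
# that still have to be unregistered before the host can leave encryption mode.
function Get-HostEncryptionReport {
    param(
        [Parameter(Mandatory)] [object[]] $VMHost,                        # needs .Name, .CryptoState
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $VM    # needs .Name, .HostName, .KeyId
    )
    foreach ($h in $VMHost) {
        # A VM with a non-null KeyId is encrypted (assumption: mirrors Config.KeyId in the vSphere API)
        $encrypted = @($VM | Where-Object { $_.HostName -eq $h.Name -and $null -ne $_.KeyId })
        [pscustomobject]@{
            Host            = $h.Name
            CryptoState     = $h.CryptoState
            EncryptionOn    = ($h.CryptoState -eq 'safe')   # 'safe' = host encryption mode enabled
            EncryptedVMs    = ($encrypted.Name -join ', ')
            CanStartDisable = ($encrypted.Count -eq 0)      # step 1 of the disable procedure is done
        }
    }
}

# Constructed sample inventory so the logic runs without a vCenter connection.
$sampleHosts = @(
    [pscustomobject]@{ Name = 'esx01.lab.example'; CryptoState = 'safe' }
    [pscustomobject]@{ Name = 'esx02.lab.example'; CryptoState = 'safe' }
    [pscustomobject]@{ Name = 'esx03.lab.example'; CryptoState = 'incapable' }
)
$sampleVMs = @(
    [pscustomobject]@{ Name = 'db01';  HostName = 'esx01.lab.example'; KeyId = 'constructed-key-1' }
    [pscustomobject]@{ Name = 'web01'; HostName = 'esx01.lab.example'; KeyId = $null }
    [pscustomobject]@{ Name = 'web02'; HostName = 'esx02.lab.example'; KeyId = $null }
)

Get-HostEncryptionReport -VMHost $sampleHosts -VM $sampleVMs | Format-Table -AutoSize

# Against a live vCenter with PowerCLI (after Connect-VIServer), build the same inputs with:
# $hosts = Get-VMHost | ForEach-Object {
#     [pscustomobject]@{ Name = $_.Name; CryptoState = $_.ExtensionData.Runtime.CryptoState } }
# $vms = Get-VM | ForEach-Object {
#     [pscustomobject]@{ Name = $_.Name; HostName = $_.VMHost.Name; KeyId = $_.ExtensionData.Config.KeyId } }
# Get-HostEncryptionReport -VMHost $hosts -VM $vms
```

In the sample data, esx01 still holds the encrypted VM db01, so only esx02 is ready for the unregister and reboot steps.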
