Following on from last week’s post on encrypting Kubernetes Persistent Volumes, I now wanted to see if I could use the vSphere Native Key Provider to encrypt databases provisioned by Data Services Manager version 2.1. The good news is that this is indeed possible, but we need to make some changes to the DSM Administrator Role’s privileges to enable it to perform encryption operations. Of course, the infrastructure policy used to provision the databases must also have a storage policy that has encryption. And, as stated in the previous article, this functionality is dependent on vSphere 8.0U3. This applies to…
Security is top of mind for most, if not all, of our customers these days. Many years ago, I wrote a blog post on how customers could encrypt Kubernetes Persistent Volumes with an external Key Provider. One of our customers recently reached out to me to ask if we had any plans to provide similar support with the Native Key Provider. As my focus has been in other areas recently, I reached out to our CSI engineering team for an update. I then found out that support was added in our most recent release, vSphere 8.0U3. While no changes we…
Many regular readers will be aware of new encryption features added recently to VMware’s portfolio, such as vSAN data-at-rest encryption and vSphere VM encryption in vSphere 6.5. I had to return to a configuration task that I hadn’t done in a while, which was the deployment of a new Key Management Server (KMS) on my vSphere 6.5 / vSAN 6.6.1 setup. I had done this a few times before, but it has been a while and I’d forgotten what exactly I’d needed to do, so I decided to document the steps in this post for future reference. Those of you…
One of the key new features of vSphere 6.5 is vSphere VM Encryption, a mechanism to encrypt all virtual machine files. This mechanism not only encrypts the VMDK, but also the metadata files and core dumps associated with a VM. Now, there would not be much point in sending an encrypted core dump file to VMware for analysis, so a mechanism has been put in place to allow these files to be recrypted using a password before sending them to VMware. The password can then be shared with VMware to allow us to examine the core dumps. This is how…
I’m delighted to announce the availability of a new vSphere 6.5 core storage white paper. The paper covers new features such as VMFS-6 enhancements, policy driven Storage I/O Control, policy driven VM Encryption, NFS and iSCSI improvements and of course new limit increases in vSphere 6.5. There are too many VMware folks to thank for putting this paper together, but you’ll find them all listed in the acknowledgements section. I do want to mention one person however; a very special thanks to Cody Hosterman of Pure Storage who spent a lot of time testing many of these new features, and…
Hello from VMworld EMEA in Barcelona. Well, we can finally talk about vSphere 6.5 today. In this post, I want to highlight a number of new and enhanced features that you will find in vSphere 6.5 related to core storage. I am not going to discuss Virtual SAN (VSAN), Virtual Volumes (VVols) or I/O Filter enhancements (VAIO) specifically in this post, although you will no doubt see some new features tie directly into the latter. Instead, I want to talk about those features that are specific to core storage.