vSphere API Methods for Cryptographic Operations

Cryptographic operations are defined in the following hierarchy.

  • CryptoManager – managed object for handling cryptographic keys. CryptoManager defines the following methods:
    • void addKey(CryptoKeyPlain key) – add a plain key to the vCenter Server.
    • CryptoKeyResult[] addKeys(CryptoKeyPlain[] keys) – add multiple plain keys to vCenter.
    • boolean enabled() – indicate whether the encryption feature is enabled.
    • CryptoKeyId[] listKeys(int limit) – list keys.
    • void removeKey(CryptoKeyId key, boolean force) – remove a key (only its ID is needed).
    • CryptoKeyResult[] removeKeys(CryptoKeyId[] keys, boolean force) – remove multiple keys.
  • VirtualMachineConfigSpec – previously existing data object passed as a parameter to CreateVM_Task and ReconfigVM_Task. One of its newly added properties is crypto, a CryptoSpec with one of the following options, which is inherited by all virtual disks and virtual machine configuration files (VM home).
    • CryptoSpecEncrypt – indicates that the virtual machine should be encrypted.
    • CryptoSpecDecrypt – indicates that the virtual machine should be decrypted.
    • CryptoSpecDeepRecrypt – indicates that all KEKs and DEKs should be replaced.
    • CryptoSpecShallowRecrypt – indicates that only KEKs should be replaced.
    • CryptoSpecNoOp – indicates that encryption settings should not be changed.
    • CryptoSpecRegister – indicates that the operation should send keys but should not modify the encryption settings of the virtual machine or virtual disk. When an encrypted disk is hot attached, the program must pass CryptoSpecRegister with the key ID that encrypted the disk. The key can be obtained from the Datastore Browser.
  • The following data objects are informational properties of VMConfigFileInfo and VMDiskFileInfo, respectively. They can be used to check whether the VM home and its virtual disks are encrypted.
    • VmConfigFileEncryptionInfo – the encryption information of a virtual machine configuration.
    • VmDiskFileEncryptionInfo – the encryption information of a virtual disk.
  • The enumeration EncryptedVMotionModes controls whether encrypted vMotion is disabled, required, or opportunistic (fall back to unencrypted vMotion if necessary, the default option).
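The following is an added example, not VMware's code and not part of the SDK documentation: a dependency-free Python model of the decision logic around the CryptoSpec options, the encryption-info objects and the EncryptedVMotionModes values listed above. It never contacts vCenter. The dataclasses are local stand-ins for the API data objects (they keep the API's own keyId field name), the "goal" strings and the report/finding types are this example's own, and the sample keys and file names are constructed. With pyVmomi the type names correspond to the vim.encryption.* classes and vim.vm.ConfigSpec, which is where a real program would place the chosen spec.

```python
"""Added example (not VMware's code): offline model of the vSphere CryptoSpec
decision logic. Dataclasses are stand-ins for the API data objects."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class CryptoKeyId:
    """Stand-in for vSphere CryptoKeyId: the key's ID plus its key provider."""
    keyId: str
    providerId: str


@dataclass
class VmConfigFileEncryptionInfo:
    """Informational property of VMConfigFileInfo; keyId is None when VM home is plain."""
    keyId: Optional[CryptoKeyId]


@dataclass
class VmDiskFileEncryptionInfo:
    """Informational property of VMDiskFileInfo; keyId is None for a plain disk."""
    keyId: Optional[CryptoKeyId]


@dataclass
class VmEncryptionReport:
    name: str
    home_encrypted: bool
    unencrypted_disks: List[str]   # disk file names that carry no keyId
    key_ids: Set[CryptoKeyId]      # distinct keys seen across VM home and disks


def audit_vm(name: str, home: VmConfigFileEncryptionInfo,
             disks: Dict[str, VmDiskFileEncryptionInfo]) -> VmEncryptionReport:
    """Summarise what the Datastore Browser info objects say about one VM."""
    keys: Set[CryptoKeyId] = set()
    if home.keyId is not None:
        keys.add(home.keyId)
    plain = []
    for disk_name, info in disks.items():
        if info.keyId is None:
            plain.append(disk_name)
        else:
            keys.add(info.keyId)
    return VmEncryptionReport(name, home.keyId is not None, sorted(plain), keys)


def choose_crypto_spec(report: VmEncryptionReport, goal: str) -> str:
    """Pick the CryptoSpec subtype for VirtualMachineConfigSpec.crypto.

    goal (this example's own vocabulary) is "encrypt", "decrypt",
    "rotate-kek" or "rotate-all". Raises ValueError when the goal does not
    fit the VM's current state, e.g. recrypting a VM that is not encrypted.
    """
    fully_encrypted = report.home_encrypted and not report.unencrypted_disks
    anything_encrypted = bool(report.key_ids)
    if goal == "encrypt":
        # The spec is inherited by VM home and every disk, so a single
        # CryptoSpecEncrypt also completes a partially encrypted VM.
        return "CryptoSpecNoOp" if fully_encrypted else "CryptoSpecEncrypt"
    if goal == "decrypt":
        return "CryptoSpecDecrypt" if anything_encrypted else "CryptoSpecNoOp"
    if goal in ("rotate-kek", "rotate-all"):
        if not fully_encrypted:
            raise ValueError(f"{report.name}: recrypt requires a fully encrypted VM")
        # Shallow recrypt replaces only the KEKs (no data rewrite);
        # deep recrypt also replaces the DEKs, i.e. rewrites the disk data.
        return "CryptoSpecShallowRecrypt" if goal == "rotate-kek" else "CryptoSpecDeepRecrypt"
    raise ValueError(f"unknown goal {goal!r}")


def hot_attach_spec(disk: VmDiskFileEncryptionInfo) -> Optional[Tuple[str, CryptoKeyId]]:
    """An encrypted disk being hot attached needs CryptoSpecRegister with the
    key ID that encrypted it; a plain disk needs no crypto spec (None)."""
    if disk.keyId is None:
        return None
    return ("CryptoSpecRegister", disk.keyId)


# EncryptedVMotionModes values, weakest first; "opportunistic" is the default.
ENCRYPTED_VMOTION_MODES = ("disabled", "opportunistic", "required")


def vmotion_findings(vm_modes: Dict[str, str], policy: str = "required") -> List[str]:
    """Return the VMs whose encrypted-vMotion mode is weaker than the policy."""
    if policy not in ENCRYPTED_VMOTION_MODES:
        raise ValueError(f"unknown mode {policy!r}")
    rank = {mode: i for i, mode in enumerate(ENCRYPTED_VMOTION_MODES)}
    return sorted(vm for vm, mode in vm_modes.items() if rank[mode] < rank[policy])


if __name__ == "__main__":
    key = CryptoKeyId("key-0001", "kms-cluster-1")   # constructed sample key
    report = audit_vm("web01", VmConfigFileEncryptionInfo(key),
                      {"web01.vmdk": VmDiskFileEncryptionInfo(key),
                       "web01_1.vmdk": VmDiskFileEncryptionInfo(None)})
    print(report, choose_crypto_spec(report, "encrypt"))
    print(vmotion_findings({"web01": "opportunistic", "db01": "required"}))
```

The audit step mirrors the check the text describes (reading VmConfigFileEncryptionInfo and VmDiskFileEncryptionInfo from the Datastore Browser) and is what a defender would run before a reconfigure: it surfaces partially encrypted VMs and VMs whose home and disks use different keys, and it refuses a recrypt that would not cover the whole VM.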
More information about the encryption interfaces is available in the vSphere Management SDK Documentation under vSphere Web Services SDK, in the vSphere API Reference.