Virtual Machine
Files
Most virtual machine files, in particular
guest data that are not stored in the VMDK file, are encrypted. This set of
files includes but is not limited to the NVRAM (memory), VSWP (swap), and VMSN
(snapshot) files. The key that vCenter Server retrieves from the KMS unlocks an
encrypted bundle in the VMX file that contains internal keys and other secrets.
If you use the vSphere Client to create an
encrypted virtual machine, all virtual disks are encrypted by default. For
other encryption tasks, such as encrypting an existing virtual machine, you can
encrypt and decrypt virtual disks separate from virtual machine files.
You cannot associate an encrypted virtual disk
with an unencrypted virtual machine.