ESXi Hosts
ESXi hosts are responsible for several aspects of the encryption workflow.
- Accepting keys and storing them in memory (never on disk). If a host has encryption mode enabled, and the current user’s role includes cryptographic operations privileges, vCenter Server pushes keys to the ESXi host upon request. See Prerequisites and Required Privileges for Encryption Tasks.
- Ensuring that guest data for encrypted virtual machines are encrypted when stored on disk.
- Ensuring that guest data for encrypted virtual machines are never sent unencrypted over the network.
The keys that the ESXi host generates are called internal keys in this document. These keys typically act as data encryption keys (DEKs).
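The responsibilities above describe the shape of the host-side key handling; the following Python model, added here as an illustration and not VMware's code, plays it out end to end. It goes beyond this section in one respect: it assumes, as the rest of the vSphere documentation describes, that the internal key (DEK) is wrapped with a key encryption key (KEK) that vCenter Server pushes from the key provider, so only the wrapped DEK is ever written to the datastore. The HMAC-SHA256 counter-mode cipher is a standard-library stand-in for the AES that ESXi actually uses; the EsxiHost class, the VM and key identifiers, and the sample guest data are constructed for the example.

```python
import hashlib
import hmac
import os
import struct


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive an independent subkey so the keystream PRF and the MAC never share a key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream: a stand-in for the AES a real
    # ESXi host uses, chosen so the example runs on the standard library alone.
    out = b""
    for counter in range(-(-length // 32)):  # ceil(length / 32) blocks
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises on a wrong key or tampered data."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class EsxiHost:
    """Constructed model of the host-side key handling described in this section."""

    def __init__(self) -> None:
        self._keks = {}      # kek_id -> KEK pushed by vCenter; memory only
        self._deks = {}      # vm_id  -> DEK (internal key); memory only
        self.datastore = {}  # vm_id  -> {"vmx": wrapped DEK, "vmdk": encrypted guest data}

    def receive_kek(self, kek_id: str, kek: bytes) -> None:
        """vCenter pushes a KEK after checking the caller's cryptographic-operations privileges."""
        self._keks[kek_id] = kek

    def create_encrypted_vm(self, vm_id: str, kek_id: str) -> None:
        dek = os.urandom(32)  # internal key generated by the host
        self._deks[vm_id] = dek
        # Only the KEK-wrapped DEK reaches the datastore; the plaintext DEK never does.
        self.datastore[vm_id] = {"kek_id": kek_id, "vmx": seal(self._keks[kek_id], dek), "vmdk": b""}

    def write_guest_data(self, vm_id: str, data: bytes) -> None:
        self.datastore[vm_id]["vmdk"] = seal(self._deks[vm_id], data)

    def read_guest_data(self, vm_id: str) -> bytes:
        if vm_id not in self._deks:
            raise PermissionError("VM is locked: DEK not in memory, KEK needed from vCenter")
        return unseal(self._deks[vm_id], self.datastore[vm_id]["vmdk"])

    def reboot(self) -> None:
        """Keys live only in RAM, so a host restart drops all of them."""
        self._keks.clear()
        self._deks.clear()

    def unlock_vm(self, vm_id: str) -> None:
        """Recover the DEK from its on-disk wrapped copy once vCenter has re-pushed the KEK."""
        meta = self.datastore[vm_id]
        self._deks[vm_id] = unseal(self._keks[meta["kek_id"]], meta["vmx"])


def demo() -> dict:
    """Run the lifecycle and return the facts a practitioner would want to check."""
    host = EsxiHost()
    kek = os.urandom(32)                      # stands in for a key from the key provider
    host.receive_kek("kms-key-1", kek)
    host.create_encrypted_vm("vm-42", "kms-key-1")
    dek = host._deks["vm-42"]
    secret = b"constructed sample guest data: /etc/shadow contents"
    host.write_guest_data("vm-42", secret)
    on_disk = host.datastore["vm-42"]["vmx"] + host.datastore["vm-42"]["vmdk"]
    result = {
        "dek_on_disk": dek in on_disk,
        "plaintext_on_disk": secret in on_disk,
        "read_before_reboot": host.read_guest_data("vm-42"),
    }
    host.reboot()
    try:
        host.read_guest_data("vm-42")
        result["readable_after_reboot"] = True
    except PermissionError:
        result["readable_after_reboot"] = False
    host.receive_kek("kms-key-1", kek)       # vCenter re-pushes the KEK on request
    host.unlock_vm("vm-42")
    result["read_after_unlock"] = host.read_guest_data("vm-42")
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The two checks worth keeping from this model are the ones in `demo()`: nothing written to the datastore contains the raw DEK or the guest plaintext, and after a reboot the VM stays locked until the KEK is pushed again, which is exactly the behaviour that "in memory, never on disk" implies.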