Encrypted vMotion Best Practices
VMware vSphere Encrypted vMotion protects VMs as they live-migrate between ESXi hosts using vMotion. This is a collection of common considerations when implementing Encrypted vMotion. Please also refer to the Frequently Asked Questions list and Introduction videos found at https://core.vmware.com/encrypted-vmotion.
Encrypted vMotion Design Considerations
Encrypted vMotion is very straightforward. Designing an environment to take advantage of this feature is as simple as enabling it on a per-VM basis.
Encrypted vMotion Tips & Tricks
Set Encrypted vMotion on your virtual machine templates so that new virtual machines inherit the proper settings.
The default setting for Encrypted vMotion is “Opportunistic.” Set it to “Required” to ensure that vMotion occurs with encryption.
Use PowerCLI to audit and update virtual machines at scale. To get started, use the Code Capture feature of the vSphere Client to generate a sample PowerShell script, which can be edited to work across your entire environment.
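The audit-and-update tip above, as an added example (not VMware's own code and not Code Capture output). It assumes PowerCLI is installed and a Connect-VIServer session is already open; the function names Get-EncryptedVMotionState and Set-EncryptedVMotionRequired are hypothetical.

```powershell
# Added example. Assumes an existing Connect-VIServer session.
# The vSphere API exposes the per-VM setting as Config.MigrateEncryption
# with the values: disabled, opportunistic, required.

function Get-EncryptedVMotionState {
    # One lightweight query returns both virtual machines and templates.
    Get-View -ViewType VirtualMachine `
             -Property Name, Config.Template, Config.MigrateEncryption |
        Where-Object { $_.Config } |   # skip inaccessible objects with no config
        ForEach-Object {
            [pscustomobject]@{
                Name       = $_.Name
                IsTemplate = $_.Config.Template
                Mode       = $_.Config.MigrateEncryption
                View       = $_
            }
        }
}

function Set-EncryptedVMotionRequired {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $State)
    process {
        # Skip objects that already comply. Templates are only reported here;
        # this example assumes they are converted to VMs before being changed.
        if ($State.Mode -eq 'required' -or $State.IsTemplate) { return }
        $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
        $spec.MigrateEncryption = 'required'
        if ($PSCmdlet.ShouldProcess($State.Name, 'Set Encrypted vMotion to Required')) {
            $State.View.ReconfigVM($spec)
        }
    }
}

# Audit: list everything that is not set to Required, templates included.
$state = Get-EncryptedVMotionState
$state | Where-Object Mode -ne 'required' |
    Sort-Object IsTemplate, Name |
    Format-Table Name, IsTemplate, Mode

# Update: preview with -WhatIf, then remove it to apply the change.
$state | Set-EncryptedVMotionRequired -WhatIf
```

Run the audit again after remediation and after new templates are published to confirm that nothing has drifted back to Opportunistic or Disabled.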
Summary and Additional Resources
Please visit the vSphere security resources at https://core.vmware.com/security.
About the Authors
This document is maintained by Bob Plankers, Senior Technical Marketing Architect, VMware.
The purpose of this document is to answer questions that may fall outside the scope of product documentation and system design guidance. Your feedback is valuable. To comment on this document please contact Bob Plankers at firstname.lastname@example.org. Thank you.