KMIP for VMware overview
This solution architecture describes the KMIP™ on VMware architecture for protecting your VMware® instances. Many storage encryption options are available to protect your VMware workload. KMIP for VMware works together with VMware native vSphere encryption and vSAN™ encryption. The vSphere and vSAN encryption provides simplified storage encryption management together with the security and flexibility of IBM Cloud® Key Protect or IBM Cloud Hyper Protect Crypto Services customer-managed keys.
This solution is considered to be an extra component and extension of the vCenter Server offering on IBM Cloud. As a result, this document doesn't cover the existing configuration of these foundation solutions on IBM Cloud. To understand more about the foundation solution architecture, see Overview of VMware Solutions.
Key benefits
While many storage encryption solutions are available for your VMware workload, KMIP for VMware offers the following benefits:
- Integration with VMware vSAN encryption and vSphere encryption, both of which are implemented in the hypervisor layer rather than the storage or virtual machine layer. This approach allows easy management and transparency to your storage solution and application.
- Fully managed key management server available in many IBM Cloud multizone regions (MZRs).
- Integrating your VMware cluster with IBM Cloud Key Protect or IBM Cloud Hyper Protect Crypto Services provides you with fully customer-managed keys that you can revoke at any time.