Encrypted vMotion is a feature that I believe many folks are very excited to see come to light. Since vMotion's inception, vMotion traffic has not been secured, but that wasn't really an issue because VMware best practice was to put vMotion traffic on its own network or VLAN. That changed in vSphere 6 with cross-vCenter vMotion (xVC-vMotion): the traffic could now be leaving your data center for another, or crossing networks where you do not want others to be able to sniff it.
I’m happy to announce that in vSphere 6.5 Encrypted vMotion is here and easy to use.
How easy is it to use? Well, let me show you. Depending on what the default is set to for your vCenter, there are 3 options for Encrypted vMotion:
- Disabled – Will not try to do encrypted vMotions at all
- Opportunistic – Will attempt to do encrypted vMotions if target vCenter supports it, otherwise will fall back to unencrypted
- Required – The VM will not be vMotioned unless the vMotion can be encrypted successfully.
If you click on a specific virtual machine, you can go to Settings > VM Options > Encryption > Encrypted vMotion and see what it's currently set to. You can also change it from there. However, this approach does not scale. For that, I've created a PowerCLI module that you can find and read more about HERE.
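One way to audit and change the setting across many VMs with PowerCLI, as an added example that is not the module linked above. It assumes an existing `Connect-VIServer` session to a vSphere 6.5 vCenter and reads and writes the `MigrateEncryption` property of the VM configuration in the vSphere API; the function names and the cluster name are hypothetical.

```powershell
# Added example, not the author's module. Function names are hypothetical.
# Requires VMware PowerCLI and an active Connect-VIServer session.

function Get-EncryptedVMotionReport {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $VM)
    process {
        foreach ($v in $VM) {
            # Config.MigrateEncryption holds disabled / opportunistic / required
            [pscustomobject]@{
                Name             = $v.Name
                EncryptedVMotion = $v.ExtensionData.Config.MigrateEncryption
            }
        }
    }
}

function Set-EncryptedVMotionMode {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $VM,
        [Parameter(Mandatory = $true)]
        [ValidateSet('disabled', 'opportunistic', 'required')]
        [string]$Mode
    )
    process {
        $target = $Mode.ToLower()   # the API expects the lowercase value
        foreach ($v in $VM) {
            $current = $v.ExtensionData.Config.MigrateEncryption
            if ($current -eq $target) { continue }   # already compliant
            if ($PSCmdlet.ShouldProcess($v.Name, "Encrypted vMotion: $current -> $target")) {
                # Send a spec that changes only this one setting
                $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
                $spec.MigrateEncryption = $target
                $v.ExtensionData.ReconfigVM($spec)
            }
        }
    }
}

# Audit: VMs whose vMotion traffic may still cross the wire unencrypted
Get-VM | Get-EncryptedVMotionReport |
    Where-Object { $_.EncryptedVMotion -ne 'required' }

# Enforce on one cluster; -WhatIf previews the changes without applying them
# ('Prod-Cluster' is a placeholder name)
Get-Cluster 'Prod-Cluster' | Get-VM |
    Set-EncryptedVMotionMode -Mode required -WhatIf
```

Drop `-WhatIf` once the preview lists only the VMs you expect to change.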
Stay tuned for more information about Encrypted vMotion as we near the vSphere 6.5 GA.