# 6. Encryption Management Service

## <mark style="color:green;">**Overview**</mark> <a href="#overview" id="overview"></a>

**VMware Cloud Director Encryption Management** is a solution that grants in-transit encryption for disk I/O and vMotion for a customer's Virtual Machine using vTPM and VM Encryption technology.

&#x20;

<figure><img src="/files/AsmB5zuLDLC5X6jvZ7ak" alt=""><figcaption></figcaption></figure>

Please refer to the **Encryption Management service** usage guide below.

## <mark style="color:green;">Procedure</mark>

{% stepper %}
{% step %}
**Step 1:** Customer login to Portal vCD
{% endstep %}

{% step %}

#### Step 2: Verify **Encryption Policy** is available

<figure><img src="/files/QEFe3nIEGGKw1DUlgcZT" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Step 3:** Choose the VM you want to **encrypt. Note: this VM must be powered off before encryption**

<figure><img src="/files/HiitQUl5yCILJ53WIPVo" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### Step 4: Change Default Storage Policy

<div align="left"><figure><img src="/files/IVtULFTWFxgpe0W28fxa" alt="" width="363"><figcaption></figcaption></figure></div>

* VM -> General -> EDIT\
  Wait for this VM encryption process to complete (It will take time depending on the size of the VM's hard drive)
* **Optional:** Enable Security Devices – Trusted Platform Module (vTPM)

  <figure><img src="/files/ysMYipXtIK40a0SBoDVi" alt=""><figcaption></figcaption></figure>

  * Choose Security Devices -> Edit -> Enable -> SAVE

  <mark style="color:red;">**NOTED:**</mark> VM must meet the following requirements to add Trusted Platform Module:

  * &#x20;VM is powered off
  * OS is compatible with Trusted Platform Module
  * VM doesn’t have any snapshots
  * Hardware version 14 or late
  * &#x20;Boot firmware is EFI
    {% endstep %}

{% step %}
**Step 5:** Powered on the encrypted VM:

* VM configuration files, including swap files, core dump files, and more, are encrypted.
* All Hard disks are encrypted.

<figure><img src="/files/9YSaoLejRlfr3yHDTm22" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/wrVdgPpFhLYUNadYQ29y" alt=""><figcaption></figcaption></figure>

* vTPM is present (Optional: if it was enabled in step 5)
  {% endstep %}
  {% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.higiocloud.vn/compute/6.-encryption-management-service.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.