# 6. Encryption Management Service

## <mark style="color:green;">**Overview**</mark> <a href="#overview" id="overview"></a>

**VMware Cloud Director Encryption Management** is a solution that provides in-transit encryption of disk I/O and vMotion for a customer's virtual machine, using vTPM and VM Encryption technology.

<figure><img src="https://3953927389-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbvay7AR0CH8vZKgD3dSy%2Fuploads%2FOIGHBbfwmyJagZkY0okl%2Fimage.png?alt=media&#x26;token=02f9b4db-2a43-4d82-88a3-f97b1149ac5d" alt=""><figcaption></figcaption></figure>

Please refer to the **Encryption Management service** usage guide below.

## <mark style="color:green;">Procedure</mark>

{% stepper %}
{% step %}
**Step 1:** The customer logs in to the vCD Portal
{% endstep %}

{% step %}

#### Step 2: Verify that the **Encryption Policy** is available

<figure><img src="https://3953927389-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbvay7AR0CH8vZKgD3dSy%2Fuploads%2Fei5WkwaHwtJOw70VLRDm%2Fimage.png?alt=media&#x26;token=1637528f-c2c7-440f-84db-cfce3db79f31" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Step 3:** Choose the VM you want to encrypt. **Note: this VM must be powered off before encryption.**

<figure><img src="https://3953927389-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbvay7AR0CH8vZKgD3dSy%2Fuploads%2F2LJ9AzHD8JQaBMuezJxj%2Fimage.png?alt=media&#x26;token=e67eb331-2032-4240-b72d-9549bd6df5f2" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### Step 4: Change Default Storage Policy

<div align="left"><figure><img src="https://3953927389-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbvay7AR0CH8vZKgD3dSy%2Fuploads%2Fo0qHDqdZK0DrCVMQS9Ou%2Fimage.png?alt=media&#x26;token=ba08f9ba-45d5-472f-82e2-6d1f42397893" alt="" width="363"><figcaption></figcaption></figure></div>

* VM -> General -> EDIT\
  Wait for the VM encryption process to complete (the time required depends on the size of the VM's hard drive)
* **Optional:** Enable Security Devices – Trusted Platform Module (vTPM)

  <figure><img src="https://3953927389-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbvay7AR0CH8vZKgD3dSy%2Fuploads%2FEnOePcPIxyPMbInoENnn%2Fimage.png?alt=media&#x26;token=a8d2ca20-9377-420c-a030-e4cc19ec25f0" alt=""><figcaption></figcaption></figure>

  * Choose Security Devices -> Edit -> Enable -> SAVE

  <mark style="color:red;">**NOTE:**</mark> The VM must meet the following requirements to add a Trusted Platform Module:

  * VM is powered off
  * OS is compatible with Trusted Platform Module
  * VM doesn’t have any snapshots
  * Hardware version 14 or later
  * Boot firmware is EFI
    {% endstep %}

{% step %}
**Step 5:** Power on the encrypted VM:

* VM configuration files, including swap files, core dump files, and more, are encrypted.
* All hard disks are encrypted.

<figure><img src="https://3953927389-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbvay7AR0CH8vZKgD3dSy%2Fuploads%2FQYpxBuklBZiqHfTeMdR4%2Fimage.png?alt=media&#x26;token=944c604b-baf6-40ee-92b1-7640279802ff" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3953927389-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbvay7AR0CH8vZKgD3dSy%2Fuploads%2FBlUy0gGcDxhDne5Pohyh%2Fimage.png?alt=media&#x26;token=b5361a28-7785-4886-9a6b-1cf81740a8a1" alt=""><figcaption></figcaption></figure>

* vTPM is present (Optional: if it was enabled in step 5)
  {% endstep %}
  {% endstepper %}
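
The vTPM requirements listed in Step 4 can be checked for several VMs at once before editing each one in the portal. The following Python preflight check is an added example, not part of the original guide or of VMware's tooling; the record field names and the sample inventory are constructed assumptions, and guest OS compatibility is left as a manual check.

```python
import re

# Field names are assumptions for this example, not a Cloud Director API schema.
# Constructed sample inventory (e.g. noted by hand from the portal).
SAMPLE_VMS = [
    {"name": "app-01", "power_state": "POWERED_OFF", "hardware_version": "vmx-19",
     "firmware": "efi", "snapshot_count": 0},
    {"name": "db-01", "power_state": "POWERED_ON", "hardware_version": "vmx-13",
     "firmware": "bios", "snapshot_count": 2},
    {"name": "legacy-01", "power_state": "POWERED_OFF", "hardware_version": "unknown",
     "firmware": "EFI", "snapshot_count": 0},
]

MIN_HW_VERSION = 14  # "Hardware version 14 or later"


def hardware_version(value):
    """Return the numeric version from strings like 'vmx-14' or '14', else None."""
    match = re.fullmatch(r"(?:vmx-)?(\d+)", str(value).strip().lower())
    return int(match.group(1)) if match else None


def vtpm_blockers(vm):
    """List the Step 4 vTPM requirements that this VM record does not meet."""
    blockers = []
    if str(vm.get("power_state", "")).upper() != "POWERED_OFF":
        blockers.append("VM is not powered off")
    # A missing snapshot count is treated as a blocker (fail closed).
    if vm.get("snapshot_count") != 0:
        blockers.append("VM has snapshots (or snapshot count unknown)")
    version = hardware_version(vm.get("hardware_version", ""))
    if version is None:
        blockers.append("hardware version could not be determined")
    elif version < MIN_HW_VERSION:
        blockers.append(f"hardware version {version} is older than {MIN_HW_VERSION}")
    if str(vm.get("firmware", "")).strip().lower() != "efi":
        blockers.append("boot firmware is not EFI")
    return blockers


def preflight(vms):
    """Map each VM name to its blockers; an empty list means ready for vTPM."""
    return {vm["name"]: vtpm_blockers(vm) for vm in vms}


if __name__ == "__main__":
    for name, blockers in preflight(SAMPLE_VMS).items():
        status = "ready" if not blockers else "; ".join(blockers)
        print(f"{name}: {status}")
```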
