modules/installation-vsphere-encrypted-vms.adoc

// module is included in the following assemblies:
// installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc

:_mod-docs-content-type: PROCEDURE
[id="installation-vsphere-encrypted-vms_{context}"]
= Requirements for encrypting virtual machines

You can encrypt your virtual machines prior to installing {product-title} {product-version} by meeting the following requirements.

* You have configured a Standard key provider in vSphere. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vsan.doc/GUID-AC06B3C3-901F-402E-B25F-1EE7809D1264.html[Adding a KMS to vCenter Server].
+
[IMPORTANT]
====
The Native key provider in vCenter is not supported. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-54B9FBA2-FDB1-400B-A6AE-81BF3AC9DF97.html[vSphere Native Key Provider Overview].
====

* You have enabled host encryption mode on all of the ESXi hosts that are hosting the cluster. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-A9E1F016-51B3-472F-B8DE-803F6BDB70BC.html[Enabling host encryption mode].
* You have a vSphere account which has all cryptographic privileges enabled. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-660CCB35-847F-46B3-81CA-10DDDB9D7AA9.html[Cryptographic Operations Privileges].

When you deploy the OVF template in the section titled "Installing RHCOS and starting the {product-title} bootstrap process", select the option to "Encrypt this virtual machine" when you are selecting storage for the OVF template. After completing cluster installation, create a storage class that uses the encryption storage policy you used to encrypt the virtual machines.
OSDOCS-5159 installing on vSphere using encrypted VMs (UPI) 2023-03-02 13:04:47 -05:00			`// module is included in the following assemblies:`
OSDOCS#8722: Refactor of vSphere install reqs for UPI 2024-01-08 14:08:09 -05:00			`// installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc`
OSDOCS-5159 installing on vSphere using encrypted VMs (UPI) 2023-03-02 13:04:47 -05:00
[enterprise-4.14] changing content type attribute 2023-10-30 10:13:25 -04:00			`:_mod-docs-content-type: PROCEDURE`
OSDOCS-5159 installing on vSphere using encrypted VMs (UPI) 2023-03-02 13:04:47 -05:00			`[id="installation-vsphere-encrypted-vms_{context}"]`
			`= Requirements for encrypting virtual machines`

[enterprise-4.14] changing content type attribute 2023-10-30 10:13:25 -04:00			`You can encrypt your virtual machines prior to installing {product-title} {product-version} by meeting the following requirements.`
OSDOCS-5159 installing on vSphere using encrypted VMs (UPI) 2023-03-02 13:04:47 -05:00
			`* You have configured a Standard key provider in vSphere. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vsan.doc/GUID-AC06B3C3-901F-402E-B25F-1EE7809D1264.html[Adding a KMS to vCenter Server].`
			`+`
			`[IMPORTANT]`
			`====`
			`The Native key provider in vCenter is not supported. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-54B9FBA2-FDB1-400B-A6AE-81BF3AC9DF97.html[vSphere Native Key Provider Overview].`
			`====`

			`* You have enabled host encryption mode on all of the ESXi hosts that are hosting the cluster. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-A9E1F016-51B3-472F-B8DE-803F6BDB70BC.html[Enabling host encryption mode].`
			`* You have a vSphere account which has all cryptographic privileges enabled. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-660CCB35-847F-46B3-81CA-10DDDB9D7AA9.html[Cryptographic Operations Privileges].`

OSDOCS-17013-bm-upi: CQA2.0 complete for BM UPI doc 2025-12-09 11:08:56 +00:00			`When you deploy the OVF template in the section titled "Installing RHCOS and starting the {product-title} bootstrap process", select the option to "Encrypt this virtual machine" when you are selecting storage for the OVF template. After completing cluster installation, create a storage class that uses the encryption storage policy you used to encrypt the virtual machines.`