Nearly all enterprises have made a significant investment in VMware infrastructure and now want to embrace migrating those workloads to hybrid and public clouds such as Google Cloud. Google Cloud VMware Engine is the only service that allows you to consume dedicated VMware Cloud environments on Google Cloud. You get full, native, direct access to VMware vSphere, vCenter, vSAN and NSX so you can continue to use the familiar VMware management tools you know. Because your apps run exactly the same on-premises and in the Cloud, you benefit from the elasticity and services of the cloud without the complexity of re-architecting your apps.
As you make use of VMware Engine to migrate to the public cloud, securing sensitive data is critical to avoiding data breaches, maintaining compliance, and maintaining availability of critical workloads. Integrating multiple solutions for encryption, key management, tokenization, and secrets management across on-premises, hybrid, and public cloud environments can be a daunting task.
VMware introduced native encryption capabilities in vSphere 6.5 with vSphere VM Encryption and vSAN 6.6 with data at rest encryption. With vSphere Virtual Machine Encryption, you can create encrypted virtual machines and encrypt existing virtual machines. Because all virtual machine files with sensitive information are encrypted, the virtual machine is protected from unauthorized access to the data. When you enable encryption for vSAN, the vSAN encrypts everything in the vSAN datastore. All files are encrypted, so all virtual machines and their corresponding data are protected from unauthorized access. Only administrators with encryption privileges can perform encryption and decryption tasks.
In order to enable VM and vSan encryption, organizations need to have an external Key Management Server (KMS) and Hardware Security Module (HSM) to securely store and manage the lifecycle of encryption keys. Starting in vSphere 7.0, you can configure vSphere Trust Authority, making access to the encryption keys conditional to the attestation state of a workload cluster, providing a greater level of trust in the integrity of the workload itself.
The Fortanix Self-Defending Key Management Service (KMS) integrates with both VMware infrastructure and Google Cloud-native services to provide a single solution and interface for encryption, key management, tokenization, and secrets management across on-premises, hybrid cloud, and Google Cloud. This VMware certified solution enables VM, VSAN, database and file encryption using standard interfaces and native VMware APIs and Google APIs. The Fortanix solution is deployed with built-in high availability and disaster recovery.