Configuring Automatic Data Encryption for a VM
The following procedure describes how to change the Automatic Data Encryption settings for the VM. For details about changing other VM properties, see Changing the Properties for a Specific VM. For details about configuring Automatic Data Encryption for a Cloud VM Set, see Configuring Automatic Data Encryption for a Cloud VM Set.
- Log in to the KeyControl Vault for VM Encryption using an account with Cloud Admin privileges.
- In the top menu bar, click Workloads.
- Select the VM whose properties you want to set and click the Expand button (>) at the end of the row.
- On the Details tab, look at the Auto Encryption field. If it says Disabled, then no automatic encryption will be performed for the VM.
  If it says Enabled, then whenever KeyControl detects a new disk on the VM, KeyControl will automatically instruct the Policy Agent on that VM to encrypt the new disk if it matches the settings in the Automatic Data Encryption Policy.
- To change the Auto Encryption Settings, click the current setting and, in the Auto Encryption Settings for VM Set dialog box, do the following:
  - To change whether the feature is enabled or disabled, in the Auto Encrypt field, click the current setting and select Enabled or Disabled from the drop-down list, then click Save.
  - If the feature is enabled, make sure the Auto Encryption Policy Type is set correctly. You can select:
    - Exclude—The Windows drives and Linux devices listed in the Auto Encryption Policy Path(s) field will not be automatically encrypted, although they can be encrypted manually at any time. This is the default.
    - Include—The Windows drives and Linux devices listed in the Auto Encryption Policy Path(s) field will be automatically encrypted. All other drives or devices on the VM must be encrypted manually.
    - Encrypt All Devices—All Windows drives and Linux devices will be automatically encrypted.
  - If the policy type is Exclude or Include, make sure the Auto Encryption Policy Paths are set correctly. To add additional paths, click the blue + (Plus sign) in this field. You can enter either a Windows drive or a Linux device name. For example, any of the following would be valid path names: C:, C:\data, or sdb1.
    Important: Each path must be on its own line.
- When you are done, click Save.