Configuring Auto Rekey for a VM

The default Auto Rekey settings for a VM come from the settings in the parent Cloud VM Set as described in Configuring Auto Rekey for a Cloud VM Set.

This procedure describes how to override the default Auto Rekey setting for a specific VM.

Note: If you configure Auto Rekey for a VM in a Cloud VM Set that has the Single Encryption Key (SEK) option enabled, KeyControl uses the current version of the SEK key when it performs the auto rekey. It does not automatically create a new SEK key version. If you want to automatically rekey all of the encrypted disks in the VM, make sure you generate a new SEK key before the auto rekey process begins. For details, see Generating a New SEK Key.

Procedure 

  1. Log in to the KeyControl Vault for VM Encryption webGUI using an account with Cloud Admin privileges.
  2. In the top menu bar, click Workloads.
  3. Click the VMs tab and select the VM you want to work with from the list.
  4. Click the Expand button (>) at the end of the row to access the details for the specific VM.
  5. Set the following property on the Details tab:

    Option: Rekey Interval

    Description: If you specify any value other than 0 (zero) for this option, KeyControl periodically creates a rekey task for every encrypted disk in the VM. You can select any number of days, weeks, months, or years and the KeyControl Vault for VM Encryption will automatically rekey the encrypted disks on that schedule.

    To disable Auto Rekey, enter 0 in this field. By default, Auto Rekey is disabled.

  6. When you are finished entering a value in each field, click Save. KeyControl sends the changes to the VM on the next heartbeat.
  7. You can track the progress of the rekey operation on the Dashboard in the Tasks tile.

Note: For Linux VMs, Auto Rekey only works if the online encryption driver has been configured and is active on the Linux VM. On Linux VMs, Auto Rekey does not work for system devices such as root or swap.