How to Expose and Apply Fortanix Encryption Policy to VMware Tenants

PhoenixNAP’s Data Security Cloud leverages the Key Management Service (KMS) by Fortanix to provide unparalleled data security. This solution enables end-to-end security management using a single web UI.

By incorporating security into your applications and databases, you achieve the necessary privacy compliance in multi-tenant environments.

The steps in this guide explain how service providers make the additional encryption policy visible to tenants and how to apply the storage policy to a virtual machine as a tenant.

Tenants may not have the Fortanix encryption service enabled. Before attempting to apply the Fortanix encryption policy, tenants should verify whether their service provider has enabled the service.

Service providers must enable the storage VM Encryption Policy so tenants can apply the policy to virtual machines (VMs). As a service provider, to expose the feature, log in to your organization’s VMware Cloud Director portal and:

1. Navigate to Organization VDCs in the Resources > Cloud Resources section.

2. Select the Storage menu for the organization in question.

3. Click the radio button to enable the VM Encryption Policy.

Once you enable the policy, State should display Enabled as in the image below:

Now, the tenant can apply the encryption policy to a VM.

Once the provider has enabled the storage VM Encryption Policy, you can apply it to a virtual machine from the VMware Cloud Director tenant portal.

To apply the policy, log in to the Cloud Director tenant portal and:

1. Select Virtual Machines in the Data Centers section and locate the VM to which you want to apply the storage policy.

2. Click the VM’s name. The machine status must read Powered off.

3. Apply the VM Encryption Policy as a Storage Policy in the edit VM window.

4. Click Save to apply the changes.

To ensure the storage policy has been applied to your VM:

1. Select the Virtual Machines menu option.

2. Navigate to the VM to which you applied the policy.

3. Click the Details link at the bottom of the VM card.

4. In the General menu, locate the Storage Policy line and make sure it says “VM Encryption Policy (Encrypted).

The steps in this article showed how to enable the Fortanix storage encryption policy in VMware Cloud Director as a service provider. The guide also outlines the necessary steps that tenants need to take to apply the exposed policy to their virtual machines.