Introduction

PhoenixNAP’s Data Security Cloud leverages the Key Management Service (KMS) by Fortanix to provide unparalleled data security. This solution enables end-to-end security management using a single web UI.

By incorporating security into your applications and databases, you achieve the necessary privacy compliance in multi-tenant environments.

The steps in this guide explain how service providers make the additional encryption policy visible to tenants and how to apply the storage policy to a virtual machine as a tenant.

How to apply Fortinex encryption to WMware tenants.

Enable VM Encryption Policy for Organization

Tenants may not have the Fortanix encryption service enabled. Before attempting to apply the Fortanix encryption policy, tenants should verify whether their service provider has enabled the service.

Service providers must enable the storage VM Encryption Policy so tenants can apply the policy to virtual machines (VMs). As a service provider, to expose the feature, log in to your organization’s VMware Cloud Director portal and:

1. Navigate to Organization VDCs in the Resources > Cloud Resources section.

2. Select the Storage menu for the organization in question.

3. Click the radio button to enable the VM Encryption Policy.

Once you enable the policy, State should display Enabled as in the image below:

Enable VM encryption policy as a service provider.

Now, the tenant can apply the encryption policy to a VM.

How to Apply VM Encryption Storage Policy as a Tenant

Once the provider has enabled the storage VM Encryption Policy, you can apply it to a virtual machine from the VMware Cloud Director tenant portal.


Note:  You must turn off the VM before you apply the VM encryption storage policy.


To apply the policy, log in to the Cloud Director tenant portal and:

1. Select Virtual Machines in the Data Centers section and locate the VM to which you want to apply the storage policy.

2. Click the VM’s name. The machine status must read Powered off.

Editing VMs in the Cloud director tenant portal.

3. Apply the VM Encryption Policy as a Storage Policy in the edit VM window.

Apply the Fortanix VM encryption policy as a storage policy.

4. Click Save to apply the changes.

Verify VM Encryption Policy Status

To ensure the storage policy has been applied to your VM:

1. Select the Virtual Machines menu option.

2. Navigate to the VM to which you applied the policy.

3. Click the Details link at the bottom of the VM card.

Additional VM details in the Cloud Director Portal.

4. In the General menu, locate the Storage Policy line and make sure it says “VM Encryption Policy (Encrypted).

Verification that the VM encryption policy has been applied.

Conclusion

The steps in this article showed how to enable the Fortanix storage encryption policy in VMware Cloud Director as a service provider. The guide also outlines the necessary steps that tenants need to take to apply the exposed policy to their virtual machines.


Next you should also read