Virtual Machine Encryption-as-a-Service
Tiirikainen, Lauri (2026)
2026
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202604288266
https://urn.fi/URN:NBN:fi:amk-202604288266
Tiivistelmä
The assignment was aquired from a case organization with the need to research vSphere’s encryption-related features due to customer demands. The initial objective was to evaluate the use of vSphere virtual machine encryption, exploring its capabilities and restrictions, and to gain practical experience of it in a live environment. The results should evaluate the future of the mentioned technology and offer insights to a potential productization project.
The project started with the technical research of the technology. Then the encryption features were evaluated as a proof-of-concept implementation in a restricted piloting environment. Different encryption topologies were configured and assessed to gain experience of the core encryption features. After the technical evaluation the results and findings were discussed in a theme interview with the case organization’s stakeholders to document the value of the research.
The results include considerations and suggestions to be met in a highly available, multi-tenant service provider environment. An overview of the current cyber security landscape was provided to provide recommendations based on ISO/IEC 27001 framework.
The overall findings were that virtual machine encryption requires specific configuration and comes with a slight performace loss, but it follows the documentation which VMware provides. With encryption organizations are able to protect their physical data and meet compliancy requirements. When taking the provided considerations and restrictions into account, vSphere’s virtual machine encryption could provide an additional layer of security and it could be implemented in multi-tenant environments.
The project started with the technical research of the technology. Then the encryption features were evaluated as a proof-of-concept implementation in a restricted piloting environment. Different encryption topologies were configured and assessed to gain experience of the core encryption features. After the technical evaluation the results and findings were discussed in a theme interview with the case organization’s stakeholders to document the value of the research.
The results include considerations and suggestions to be met in a highly available, multi-tenant service provider environment. An overview of the current cyber security landscape was provided to provide recommendations based on ISO/IEC 27001 framework.
The overall findings were that virtual machine encryption requires specific configuration and comes with a slight performace loss, but it follows the documentation which VMware provides. With encryption organizations are able to protect their physical data and meet compliancy requirements. When taking the provided considerations and restrictions into account, vSphere’s virtual machine encryption could provide an additional layer of security and it could be implemented in multi-tenant environments.