Virtual machine storage policies control which type of storage is provided for the virtual machine and how the virtual machine is placed within storage. They also determine data services that the virtual machine can use.
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.storage.doc/GUID-A8BA9141-31F1-4555-A554-4B5B04D75E54.html
In our previous posts, we installed a KMS and configured it for use with vCenter. Here, we are going to configure a new VM Storage Policy to use for encryption.
We start by heading to Policies and Profiles, by heading to Menu > Policies and Profiles
In there, we are going to select VM Storage Policies and then Create VM Storage Policy.
In the Pop-up box, we can provide a name for the new Storage Policy, in this case we are just going to call it "Encryption_Test" and then go Next.
Since we are going to be using this profile for Encryption, we need to select "Enable host based rules" and then go Next.
In this section, under the "Use storage policy component", we select the "Default encryption properties" and go Next.
The next screen shows us the datastores that are compatible with this storage policy, and we can go Next.
The final screen gives us a Review of the options we have selected, and we can hit Finish.
And that's pretty much it. We can now see that the VM Storage Policy exists and we can view all details about it.
This VM storage policy can now be used and applied to VMs to encrypt them. In this next post, we are going to run through the steps on actually encrypting individual VMs using this storage policy.