Joint Value Proposition

The integration of VMware Cloud Director with Utimaco Enterprise Secure Key Manager (ESKM) enables secure, multi-tenant cloud environments with centralized and hardware-backed key management.

VMware Cloud Director provides an abstraction layer on top of VMware vSphere, allowing service providers and enterprises to deliver isolated virtual data centers to multiple tenants. By leveraging the encryption capabilities of the underlying vCenter Server, Cloud Director enables tenants to deploy and manage encrypted virtual machines as part of their cloud workloads.

Through the integration with ESKM as the external Key Management Server (KMS), all cryptographic keys used for virtual machine encryption are centrally managed outside of the virtualization platform. This ensures that key control remains independent of tenant workloads and infrastructure operations.

When combined with a u.trust GP HSM, ESKM further enhances security by protecting root keys and key-encryption keys within certified hardware, ensuring that sensitive cryptographic material is never exposed in software.

This architecture provides the following benefits:

  • Secure Multi-Tenancy
    VMware Cloud Director enables multiple tenants to operate in isolated environments, while ESKM ensures that encryption keys are centrally managed and protected across all tenants.

  • Centralized and Independent Key Management
    Encryption keys are managed outside of the cloud management platform, reducing the risk of unauthorized access and enabling clear separation of responsibilities.

  • Hardware-Backed Key Protection
    Integration with u.trust GP HSM ensures that critical keys are stored and processed within secure hardware boundaries.

  • Consistent Encryption Across Cloud Workloads
    All encrypted virtual machines deployed through VMware Cloud Director inherit the key management and encryption policies configured at the vCenter level.

  • Improved Security and Compliance
    Centralized key control, auditability, and hardware-based protection support regulatory requirements and strengthen the overall cloud security posture.