The purpose of this integration is to enable VMware Cloud Director to leverage centralized and secure key management through Utimaco Enterprise Secure Key Manager (ESKM) for encrypted workloads in VMware-based cloud environments.
By integrating ESKM as the external Key Management Server (KMS) through VMware vCenter Server, encryption keys used for virtual machine protection are securely generated, stored, and managed outside of the virtualization platform. VMware Cloud Director builds on this configuration by orchestrating multi-tenant cloud environments that inherit encryption capabilities from the underlying vCenter infrastructure.
Additionally, the integration includes the use of a u.trust GP HSM to provide hardware-backed protection for root keys and key-encryption keys. This ensures that critical cryptographic material is safeguarded within a secure hardware boundary, enhancing the overall security posture of the environment.
This integration aims to:
-
Enable secure deployment of encrypted virtual machines in multi-tenant cloud environments
-
Centralize key management using ESKM
-
Ensure separation between key management and workload execution
-
Provide hardware-based protection for sensitive cryptographic material
-
Support security and compliance requirements for enterprise and service provider environments