

MTG Key Management System for VMware encryption

The MTG Key Management System enables users to encrypt their VMware virtual machines with a few clicks, helping to protect their critical and sensitive data quickly and easily. This is realized by innovative VMware Encryption-as-a-Service offerings in cooperation with the infrastructure provider DARZ GmbH.

MTG KMS allows customers to encrypt their VMware VMs with a few clicks via their familiar vCloud Director user interface.

VMware vCenter allows external Key Management Systems to be connected

VMware Encryption

With a changing and growing threat landscape, operators of virtual machines (VMs) increasingly have to deal with the issue of encrypting their critical data. VMs are portable and can therefore run on any server. Unauthorized internal persons or external attackers who have gained access to the relevant networks are able to access the data of unencrypted VMs without any protection. Data is virtually served "to-go". Recent successful hacker attacks underscore how vulnerable the systems of many companies are.

VMware has already addressed this development and offers its users encryption options for their VMs via its own in-house tools (vSphere native key providers) or external key management systems (KMS).

Configuration of the MTG KMS to connect to vCenter of VMware

An external KMS allows much more flexibility in the setup and introduction of innovative services. Once connected, users can very easily encrypt selected VMs from VMware. Selecting and acquiring a suitable KMS plus hardware security modules and operating them securely is a process that takes time, resources and, above all, expertise. This is not always affordable for every company that uses VMware.

MTG's new Key Management System is designed to enable these companies to effectively encrypt their VMware virtual machines quickly and cost-effectively. This is enabled by an innovative VMware Encryption-as-a-Service offering.

Cooperation with DARZ

VMware Encryption-as-a-Service

The new DARZ service enables VMware virtual machines to be encrypted reliably and completely independent of their location.

In cooperation with DARZ GmbH, a long-term partner and infrastructure provider, a new VMware Encryption-as-a-Service has been created, enabling customers to encrypt their VMware VMs quickly and easily via the familiar user interface of the vCloud Director. A particularly attractive feature is the possibility of having VMs that are operated in one's own data center reliably encrypted via the DARZ service, completely independent of location.

VMware Encryption for data center operators

A few clicks to encrypt the virtual machine via VMware's vCloud Director

In this offering, the MTG KMS is installed and configured in a failsafe manner in cooperation with the data center. The KMS is connected to VMware's vCenter via the existing KMIP interface. On this basis, data center operators can create attractive offers for their customers that enable the encryption of VMware VMs virtually at the push of a button. Via the familiar user interface of the vCloud Director for managing the VMs, the data center customers can book and use the offer with just a few clicks. MTG offers data center operators attractive entry packages and cooperation models that enable the rapid introduction of such an offering at low cost and risk.


MTG KMS for companies

In certain cases, it is also worth running an in-house KMS. The system can then be installed, configured and operated in the company's own data center or at the MTG partner DARZ. MTG supports its customers in planning, implementing and operating the KMS and VMware encryption. Further encryption options can be used on this basis (e.g., database encryption).

Encryption of vSANs and other KMIP-based storage solutions

Besides encrypting VMs, VMware also offers the option of protecting so-called vSANs with the same method as described above. vSAN stands for Virtual Storage Attached Network, i.e., virtual storage networks that are backed by the physical hard disks of the host system. The data on the underlying physical hard disks is also transparently encrypted and thus protected.

Another use case is applications and operating systems that require a so-called TPM (Trusted Platform Module), e.g., Microsoft Windows 11. With the MTG KMS, these systems can then be virtualized very easily.

The great advantage of a standard interface is its vendor independence. This opens up a lot of opportunities for further IT security services on the basis of the MTG KMS, such as the encryption of KMIP-based databases, tape drives or other storage solutions, such as NetApp.
