MTG KMS allows customers to encrypt their VMware VMs with a few clicks via their familiar vCloud Director user interface.
With a changing and growing threat landscape, operators of virtual machines (VMs) increasingly have to deal with the issue of encrypting their critical data. VMs are portable and can therefore run on any server. Unauthorized internal persons or external attackers who have gained access to the relevant networks are able to access the data of unencrypted VMs without any protection. Data is virtually served "to-go". Recent successful hacker attacks underscore how vulnerable the systems of many companies are.
VMware has already addressed this development and offers its users encryption options for their VMs, either via its own in-house tools (vSphere native key providers) or via external key management systems (KMS).
An external KMS allows much more flexibility in the setup and introduction of innovative services. Once connected, users can very easily encrypt selected VMs from VMware. Selecting and acquiring a suitable KMS plus hardware security modules and operating them securely is a process that takes time, resources and, above all, expertise. This is not always affordable for every company that uses VMware.
MTG's new Key Management System is designed to enable these companies to effectively encrypt their VMware virtual machines quickly and cost-effectively. This is enabled by an innovative VMware Encryption-as-a-Service offering.
The new DARZ service enables VMware virtual machines to be encrypted reliably and completely independent of their location.
In cooperation with DARZ GmbH, a long-term partner and infrastructure provider, a new VMware Encryption-as-a-Service has been created, enabling customers to encrypt their VMware VMs quickly and easily via the familiar user interface of the vCloud Director. A particularly attractive feature is the possibility of having VMs that are operated in one's own data center reliably encrypted via the DARZ service, completely independent of location.
for data center operators
In this offering, the MTG KMS is installed and configured in a failsafe manner in cooperation with the data center. The KMS is connected to VMware's vCenter via the existing KMIP interface. On this basis, data center operators can create attractive offers for their customers that enable the encryption of VMs from VMware virtually at the push of a button. Via the familiar user interface of the vCloud Director for managing the VMs, the data center customers can book and use the offer with just a few clicks. MTG offers data center operators attractive entry packages and cooperation models that enable the rapid introduction of such an offering at low cost and risk.
MTG KMS for companies
In certain cases, it is also worth running an in-house KMS. The system can then be installed, configured and operated in the company's own data center or at the MTG partner DARZ. MTG supports its customers in planning, implementing and operating the KMS and VMware encryption. Further encryption options can be used on this basis (e.g., database encryption).
Encryption of vSANs and other KMIP-based storage solutions
Besides encrypting VMs, VMware also offers the option of protecting so-called vSANs with the same method as described above. vSAN stands for Virtual Storage Attached Network, i.e., virtual storage networks that are backed by the physical hard disks of the host system. The data on the underlying physical hard disks is also transparently encrypted and thus protected.
Another use case is applications and operating systems for which a so-called TPM (Trusted Platform Module) is required (e.g., Microsoft Windows 11). When using the MTG KMS, these systems can then be virtualized very easily.
The great advantage of a standard interface is its vendor independence. This opens up a lot of opportunities for further IT security services on the basis of the MTG KMS, such as the encryption of KMIP-based databases, tape drives or other storage solutions such as NetApp.