Sangfor SCP platform can enable disk encryption settings. After enabling, it supports the encryption of storage data of virtual machines to guarantee data security and avoid information theft.

Precautions:

1. Protect data-at-rest by encrypting VM disks. This is a one-way process and cannot be reversed.
2. Currently, SCP only supports using the AES-256 encryption algorithm to encrypt data.
3. Once the disk encryption settings are enabled, it will not automatically adopt disk encryption to the virtual machines until the enabled disk encryption has been enabled manually on the virtual machine setting.
4. Enabling or disabling disk encryption for a single resource pool is not supported.
5. The virtual machine must be powered off to enable disk encryption on the virtual machines.
6. After the disk has been encrypted, it doesn’t support disk decryption.
7. The disk encryption process takes a while to complete, and operations such as powering on are not supported. It is recommended to perform during non-business hours.
8. After the disk encryption is enabled on the virtual machine, the virtual machine will no longer support cloning, creating images, exporting operations, CDP backup, and disaster recovery functions and cannot be recovered.

Prerequisite

1. Disk encryption setting must be manual enabled for each virtual machine.
2. The encryption Key has already complete configured.

Steps:

Login to the SCP platform and navigate to Management > Security. Select Disk Encryption, click Enable Settings to enable the feature.

Go to Management > Security > Key Management Service > Encryption Keys to create a Built-in KMS Server Key or External KMS Server Key.