How-to encrypt your virtual machine
Introduction
Virtual Machine Encryption (VME) is a security feature that protects your VM files and disks by encrypting them. This ensures that even if storage or backup files are accessed without authorization, the data remains unreadable.
Benefits of encryption
Enhanced Security: Protects sensitive data at rest and in transit.
Regulatory Compliance: Helps meet security standards and compliance requirements.
Trade-offs of encryption
While encryption significantly improves security, there are some considerations:
Performance Impact: Encryption may introduce slight CPU overhead, depending on workloads.
Backup & Restore Considerations: Not all backup solutions support encrypted VMs natively; ensure compatibility with your backup tools.
ITS Private cloud Portal
Login to the Portal https://cloud-portal.eis.utoronto.ca
Power Off the Virtual Machine.
Click on the toggle “Encryption” and Confirm the Message.
Once the encryption process completes, turn the virtual machine on.
Command-Line Interface (vss-cli)
Upgrade the vss-cli version to v2025.2.1 and pyvss version 2025.2.1
The following steps should guide you through the process of requesting a virtual machine snapshot using either via https://vss-cli.eis.utoronto.ca or a local ITS Private Cloud Command Line Interface vss-cli.
(Optional) Run
vss-cli configureto configure your VSS credentials. If you have already done this, please go to next step.Use the
vss-cli compute vm set <name-or-vm-id> encryption oncommand to submit a virtual machine change request to encrypt your virtual machine.vss-cli --wait compute vm set <name-or-vm_id> encryption on
The virtual machine must be powered off and should not have any snapshots.
Once the request is submitted, you can follow up the request status with the
vss-cli request changecommand:vss-cli request change ls --sort created_on,descYou will get a confirmation email for the request submission and when the task has completed
Related content
University of Toronto - Since 1827