Today’s post is going to be a little shorter than usual; I just wanted to go over this topic. So how does one encrypt virtual machine files? With a data encryption key (DEK). The DEK, however, needs to be encrypted and decrypted by the host, so the host uses a key encryption key (KEK) for this. The host receives its KEK from the key management server (KMS), which distributes the KEK to all hosts so that they can encrypt and decrypt the DEK that is used to encrypt and decrypt VM files.
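
The key hierarchy described above, as an added Node.js example that is not part of the original post: a DEK encrypts the file, the KEK wraps the DEK, and a KMS hands the KEK to hosts. `ToyKMS`, the function names, the record layout and the choice of AES-256-GCM are assumptions made for illustration, and `rewrapDek` goes one step beyond the post to show that changing the KEK only re-wraps the DEK.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM is an assumed cipher (the post names none). Output: iv || ciphertext || tag.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final(), c.getAuthTag()]);
}

// Throws if the key is wrong or the data was modified (the GCM tag check fails).
function open(key, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(sealed.length - 16));
  return Buffer.concat([d.update(sealed.subarray(12, sealed.length - 16)), d.final()]);
}

// Hypothetical in-memory stand-in for the KMS: it creates KEKs and hands them to hosts by id.
class ToyKMS {
  constructor() { this.keks = new Map(); }
  createKek(id) { this.keks.set(id, crypto.randomBytes(32)); return id; }
  getKek(id) {
    if (!this.keks.has(id)) throw new Error(`unknown KEK ${id}`);
    return this.keks.get(id);
  }
}

// Host side: a fresh DEK encrypts the VM file; only the KEK-wrapped DEK and the KEK id are stored.
function encryptVmFile(kms, kekId, fileBytes) {
  const dek = crypto.randomBytes(32);
  return { kekId, wrappedDek: seal(kms.getKek(kekId), dek), data: seal(dek, fileBytes) };
}

// Any host that can fetch the same KEK from the KMS unwraps the DEK and reads the file.
function decryptVmFile(kms, record) {
  const dek = open(kms.getKek(record.kekId), record.wrappedDek);
  return open(dek, record.data);
}

// Changing the KEK re-wraps the DEK only; the VM file ciphertext is left untouched.
function rewrapDek(kms, record, newKekId) {
  const dek = open(kms.getKek(record.kekId), record.wrappedDek);
  return { ...record, kekId: newKekId, wrappedDek: seal(kms.getKek(newKekId), dek) };
}

// Constructed sample: a fake disk image, encrypted on one host and read back via the KMS.
const demoKms = new ToyKMS();
const demoRec = encryptVmFile(demoKms, demoKms.createKek('kek-1'), Buffer.from('constructed VMDK bytes'));
console.log(decryptVmFile(demoKms, demoRec).toString());
```

The plaintext DEK exists only in host memory here; a host whose KMS returns a different KEK fails at the unwrap step and never reaches the file data.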