Paper: VMware vSphere Virtual Machine Encryption Performance

Encryption of virtual machines is something that has been requested for years by the security community. VMware continued to postpone its implementation due to the negative operational impact that many solutions proved to have, until now. With vSphere 6.5 VMware introduced an agnostic, policy driven VM Encryption feature claiming that the impact on I/O performance is very minimal.
To prove that VMware published a 16 pages Performance Study which presents the results of several I/O experiments aimed to quantify CPU cost and I/O throughput and latency when enabling a VM with encryption.


The paper contains the following sections:

Executive Summary

  • Introduction
  • VM Encryption Overview
  • Design
  • Key Management
  • Performance Study
  • Experimental Setup
  • Server Hardware
  • Server Storage
  • Workload and Virtual Machine Configuration
  • Metrics
  • Server Software Configuration
  • Results
  • I/O Performance
  • VM Provisioning Operations
  • Conclusion
  • References