vSphere encryption enables customers to encrypt data on a per VM level. This level of encryption is ideal for customers who are concerned about rogue admins sending a VM and all its data to a non-secure location. Which VMs should be encrypted, is up to the virtualization administrative team and can be selected on a per VM basis (as seen in the figure below). A KMIP-compliant Key Management Server like CloudLink or Hytrust is required.
Figure 40. Per VM-level encryption with vSphere Encryption