Over recent years, the usage of virtual machines (VMs) has significantly increased due to the flexibility and efficiency that they provide. Certain VM systems are managed using a graphical user interface (GUI) application, which provides an intuitive visual interface for managing individual virtual machine instances. One example GUI known in the art is included in a vSphere® Client software product sold by VMware, Inc. of Palo Alto, Calif. This software product enables users to direct various commands to VMs. One of the commands enables users to create a snapshot or checkpoint of a VM and another enables a user to restore a VM from a snapshot.
Users are able to centrally manage these snapshots using vSphere. Specifically, a user can perform a restoration of a VM by selecting, from a database of snapshots, either a snapshot that he or she created or one that was created by another administrator. Unfortunately, a user who has access to a snapshot also has access to any processes that were being executed in the VM at the time the snapshot was created. For example, a snapshot of a VM might include a guest OS executing an application that exposes sensitive information, e.g., banking software that was logged into and left active when the snapshot was taken. Moreover, embedded networking security protocols that are validated simply by being logged into the guest OS, e.g., Microsoft Windows networking, are left intact and are available to the user who restores the snapshot. This potentially enables him or her to access network resources that he or she should be unable to view, e.g., shared drives and protected network files.
One approach to alleviating the foregoing problem involves encrypting the snapshot such that a decryption key is required prior to performing the restoration of the snapshot. Encrypting snapshots, however, takes a considerable amount of time because snapshots are typically large. In addition, providing secure management and transmission of decryption keys between users of a virtualized system introduces additional complexity.