This is one of my favorite features in vSphere 7 Update 2. VMware now provides a new native key provider for encryption, which lets us use vSAN encryption, VM encryption and vTPM natively without having to deploy an external key provider. In the past this capability could only be provided by third-party solutions like Hytrust KeyControl. In this post I will explain how easy it is to configure and deploy this awesome new feature.
Go to [Configure > Key Providers] to add the local key provider.
Select [ADD > Add Native Key Provider].
Provide a Name and press [ADD KEY PROVIDER].
Back up the master keys.
Save the Native Key Provider key file in a secure location. Optionally protect the key file with a strong password.
Verify that the ESXi Server Host Encryption Mode is [Enable].
Test the configuration by encrypting an existing VM.
Change the default “VM Storage Policy” to [VM Encryption Policy].
Now the VM is encrypted with the Native Key Provider. A really awesome feature.
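To confirm the result outside the UI, the PowerCLI check below (an added example, not part of the original walkthrough) reads each host's crypto state and the test VM's key provider from the vSphere API. It assumes an existing `Connect-VIServer` session and that the provider ID stored on the VM equals the name entered in the wizard; the parameter names are hypothetical.

```powershell
# Added example: audit the outcome of the steps above. Requires VMware PowerCLI
# and an already established Connect-VIServer session (assumption).
param(
    [Parameter(Mandatory)] [string] $ProviderName,  # name typed in "Add Native Key Provider"
    [Parameter(Mandatory)] [string] $VMName         # the VM encrypted in the test step
)

# Host Encryption Mode is exposed by the vSphere API as runtime.cryptoState.
# 'safe' means a host key is installed and the host is ready to encrypt.
$hostReport = Get-VMHost | ForEach-Object {
    $state = $_.ExtensionData.Runtime.CryptoState
    [pscustomobject]@{
        Host        = $_.Name
        CryptoState = $state
        Enabled     = ($state -eq 'safe')
    }
}

# An encrypted VM carries a key reference (config.keyId) that names its provider.
$vm  = Get-VM -Name $VMName
$key = $vm.ExtensionData.Config.KeyId
$vmReport = [pscustomobject]@{
    VM              = $vm.Name
    HomeEncrypted   = [bool]$key
    Provider        = $key.ProviderId.Id
    ProviderMatches = ($key.ProviderId.Id -eq $ProviderName)
}

# The storage policy can apply per disk, so check every virtual disk backing too.
$diskReport = $vm.ExtensionData.Config.Hardware.Device |
    Where-Object { $_ -is [VMware.Vim.VirtualDisk] } |
    ForEach-Object {
        [pscustomobject]@{
            Disk      = $_.DeviceInfo.Label
            Encrypted = [bool]$_.Backing.KeyId
            Provider  = $_.Backing.KeyId.ProviderId.Id
        }
    }

$hostReport | Format-Table -AutoSize
$vmReport   | Format-List
$diskReport | Format-Table -AutoSize

# Surface anything that did not end up in the expected state.
if ($hostReport.Enabled -contains $false) { Write-Warning 'At least one host is not in crypto state "safe".' }
if (-not $vmReport.ProviderMatches)       { Write-Warning "VM home is not encrypted with provider '$ProviderName'." }
if ($diskReport.Encrypted -contains $false) { Write-Warning 'At least one virtual disk is unencrypted.' }
```

A disk that reports `Encrypted = False` while the VM home is encrypted usually means the encryption policy was applied to the VM home only and not to that disk.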